DevActSvc.exe in ASUS Device Activation before 1.0.7.0 for Windows 10 notebooks and PCs could lead to unsigned code execution with no additional restrictions when a user puts an application at a particular path with a particular file name.
References
Link | Resource |
---|---|
https://www.asus.com/support/FAQ/1042640/ | Vendor Advisory |
https://drive.google.com/file/d/1Ap293b7bZLen6DmheppR1IUFEAsCSORC/view?usp=sharing | Exploit Mailing List Third Party Advisory |
https://www.asus.com/Laptops/ASUS-TUF-Gaming-FX504/HelpDesk_Download/ | Vendor Advisory |
https://www.asus.com/Static_WebPage/ASUS-Product-Security-Advisory/ | Vendor Advisory |
Configurations
Configuration 1 (hide)
AND |
|
Information
Published : 2020-03-25 10:15
Updated : 2021-07-21 04:39
NVD link : CVE-2020-10649
Mitre link : CVE-2020-10649
JSON object : View
CWE
CWE-427
Uncontrolled Search Path Element
Products Affected
asus
- device_activation
microsoft
- windows_10