The installer package used a folder that was writeable by unprivileged users to store executables. An attacker with access to the system could have manipulated these executables to gain SYSTEM privileges.
The vulnerability was acknowledged and fixed by neo42 within 4 weeks. We want to thank neo42 for their exemplary reaction to the vulnerability report.
CVSS Score
7.8 (CVSS v3)
CVSS Vector String
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Affected Version
neo42 Sumatra PDF Package Version 3.4.6.0
Mitigation
The vulnerability can be resolved by using the newest version of the installer provided by neo42.
Credits
Kolja Grassmann (cirosec GmbH)
Vulnerability found
Vendor was contacted and informed about the vulnerability
Initial response from vendor
Vendor informs us that the issue was resolved