Fortinet Discovers G Data Elevation of Privileges Vulnerability
Summary
Fortinet's FortiGuard Labs has discovered an Arbitrary File Write vulnerability in G Data.
G Data is an award-winning Anti-Virus software which uses multiple scanning engines.
An Arbitrary File Write vulnerability has been discovered in G Data by FortiGuard Labs. This vulnerability exists in its file restore mechanism because the vulnerable application fails to verify if the target file is a symbolic link. It could allow malicious users to overwrite any existing file with a malicious one. It's possible to exploit it to achieve elevation of privileges.
Solutions
Users should apply the solution provided by G Data.Additional Information
The issue is fixed in G Data 25.5.9.25.Timeline
Fortinet reported the vulnerability to G Data on August 24, 2020.
G Data confirmed the vulnerability on September 3, 2020.
G Data patched the vulnerability on November 2, 2020.