Legacy Installer Vulnerability

Description

  • JustDecompile v2019.1.118.0 and older

Root Cause

In Telerik JustDecompile versions v2019.1.118 and older, it is possible for a bad actor, who already has preexisting access to the Windows user’s local account, to gain elevated permissions using the legacy installer.

During initial installation of JustDecompile, the user must always approve the UAC prompt for the installer to obtain elevated permissions to complete the installation. However, if the product has already been installed, the installer could be abused to execute commands at a higher privilege than the current user.

Solution

Update JustDecompile to the latest version, v2024.1 (or later). Installing the update will replace the legacy installer, removing the avenue of attack.

Notes

  • We would like to thank the Lockheed Martin Red Team for their professionalism, completeness, and responsible disclosure.
  • This issue is solely for the installer, not the JustDecompile application.
  • This attack requires local access to a system that already has JustDecompile installed using the legacy installer.

External References

CVE-2024-0219 (HIGH)

CVSS: 7.8

In Telerik JustDecompile versions prior to 2024 Q1, a privilege elevation vulnerability has been identified in the applications installer component. In an environment where an existing Telerik JustDecompile install is present, a lower privileged user has the ability to manipulate the installation package to elevate their privileges on the underlying operating system.

Discoverer Credit: HackerOne - Lockheed Martin Red Team

In this article
Related articles
Not finding the help you need? Improve this article