CVE-2023-45159 Information
Oct 07, 2023
cve
Description
1E Client installer can perform arbitrary file deletion on protected files.
A non-privileged user could provide a symbolic link or Windows junction to point to a protected directory in the installer that the 1E Client would then clear on service startup. A hotfix is available Q23092 that forces the 1E Client to check for a symbolic link or junction and if it finds one refuses to use that path and instead creates a path involving a random GUID.
Reference
https://www.1e.com/trust-security-compliance/cve-info/
Related CNNVD
CNNVD-202508-1979 (Published: 2025-08-16)
Share on: