Primary

Context

Everything Privilege Escalation and Denial-of-Service Vulnerability

Vulnerability

Patched

A vulnerability exists in the Everything application, specifically in versions prior to 1.5a, due to the service running as SYSTEM and communicating with the lower-privileged GUI via a named pipe. This named pipe has a NULL DACL, granting full permissions to all users. As a result, a local low-privilege user could potentially exploit this vulnerability for privilege escalation (if combined with other factors) or to cause a denial-of-service.

Impact

Exploitation could lead to a denial-of-service or allow a local low-privilege user to escalate privileges, but only if this vulnerability is chained with other elements.

Added: Nov 4, 2025, 5:17 AM

Updated: Nov 4, 2025, 12:22 PM

Vulnerability Rating

Custom Algorithm

spread

7.8

impact

2.5

exploitability

3.3

remediation

7.7

relevance

1.0

threat

0.0

urgency

5.7

incentive

0.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

7.8

impact

2.5

exploitability

3.3

remediation

7.7

relevance

1.0

threat

0.0

urgency

5.7

incentive

0.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Everything Privilege Escalation and Denial-of-Service Vulnerability

Vulnerability

Impact

Affected Products

voidtools Everything

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating