Humming Heads Defense Platform Home Edition Windows Messaging Channel Vulnerability Allowing Arbitrary Code Execution
Vulnerability
A vulnerability exists in Humming Heads Defense Platform Home Edition versions through 3.9.51.x, related to the unprotected Windows messaging channel known as 'Shatter'. This vulnerability allows an attacker to send a specially crafted message to a specific process on the Windows system where the product is running, potentially leading to arbitrary code execution with SYSTEM privileges.
Impact
Exploitation of this vulnerability could result in arbitrary code being executed with SYSTEM privileges on the affected Windows system.
Remediation
Users are advised to update the software to the latest version. Version 3.9.52.5 and later addresses vulnerabilities that could lead to unauthorized privilege escalation or file system manipulation. Defense Platform Home Edition also has an automatic update feature.