Sublime Text 4 Privilege Escalation Vulnerability

A privilege escalation vulnerability has been identified in Sublime Text 4, version 4200. This issue allows authenticated attackers with low-level privileges to gain Administrator rights by replacing the uninstallation file with a malicious binary in the application's installation directory.

Impact

Exploitation of this vulnerability allows for unauthorized privilege escalation to Administrator level.

Reproduction

To reproduce this vulnerability, first install Sublime Text 4 version 4200 using an Administrator account. After installation, switch to a standard user account and place a reverse shell executable in the Sublime Text installation directory, renaming it to 'unins000.exe'. Then, switch back to the Administrator account and uninstall the application, which will trigger the execution of the reverse shell with elevated privileges. Finally, return to the standard user account to confirm that a reverse shell connection has been established with Administrator-level privileges.