Fan Control Improper Privilege Handling Vulnerability Allowing Local Privilege Escalation
Vulnerability
A vulnerability exists in the Fan Control application, specifically in versions prior to V251, due to improper privilege management in the Open File Dialog. This issue allows local attackers to manipulate user-supplied paths with elevated permissions, enabling them to execute arbitrary code or commands with administrator rights. The vulnerability arises because the application processes input from the file dialog's address bar and selection mechanism with inherited administrative privileges, which can be exploited during plugin installation, configuration importing, or diagnostic functions.
Impact
Exploitation of this vulnerability allows local users to execute code with elevated privileges, potentially leading to a full system compromise.
Remediation
Users can update to Fan Control version V251 or later, which addresses this vulnerability. The updated version is available on the Fan Control GitHub Releases page.
Vulnerability Rating
Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.