====== Security update for Lime CRM Desktop Client ======

  ; Bulletin ID : LCSEC20-01
  ; Date published : 2020-12-21
  ; Priority : 2
  ; Severity : Critical

Priority and severity ratings are determined as described [[security:ratings|here]].

===== Summary =====

This security update resolved a vulnerability in Lime CRM Desktop Client. The vulnerability enables local Windows users to execute programs with elevated privileges.

===== Affected versions =====

^ Product ^ Version ^ Platform ^
| Lime CRM Desktop Client | initial – 10.18.579 | Windows |

===== Solution =====

Upgrade to the newest version of Lime CRM Desktop Client.

^ Product ^ Type ^ Updated version ^ Availability ^
| Lime CRM Desktop Client | Product release | 10.18.962 - latest | [[https://builds.lundalogik.com/api/v1/builds/limecrm-desktop/versions/latest/file?tag=stable|Download]] |

===== Vulnerability information =====

==== Detailed summary ====

An attacker could launch Lime CRM Desktop Client with elevated privileges and then, via programmatic extensions or documents, launch any Windows process with elevated privileges.

==== Mitigating factors ====

The attacker must be an authenticated user of the system and have a high level of technical knowledge about it.