Security update for Lime CRM Desktop Client
- Bulletin ID
- LCSEC20-01
- Date published
- 2020-12-21
- Priority
- 2
- Severity
- Critical
Priority and severity ratings are determined as described here.
Summary
This security update resolved a vulnerability in Lime CRM Desktop Client. The vulnerability enables local Windows users to execute programs with elevated privileges.
Affected versions
| Product | Version | Platform |
|---|---|---|
| Lime CRM Desktop Client | initial – 10.18.579 | Windows |
Solution
Upgrade to newest version of Lime CRM Desktop Client.
| Product | Type | Updated version | Availability |
|---|---|---|---|
| Lime CRM Desktop Client | Product release | 10.18.962 - latest | Download |
Vulnerability information
Detailed summary
An attacker could launch Lime CRM Desktop Client with elevated privileges and via programmatic extensions or documents launch any Windows process with elevated privileges.
Mitigating factors
The attacker must be an authenticated user for the system and have a high technical knowledge about it.