Code Sector

1. <b><a href="https://securityandstuff.com/posts/teracopy_arbitrary_read/" target="_blank" rel="nofollow noopener noreferrer">https://securityandstuff.com/posts/teracopy_arbitrary_read</a> </b>(no longer available)

 The author reported that TeraCopy 3.9.7 allowed copying folders that regular users typically lack permissions to access. However, the TeraCopy service enforces a check for admin privileges. As demonstrated in the video, non-admin users are unable to access restricted files and folders.

2. <b><a href="https://packetstormsecurity.com/files/143984/TeraCopyService-3.1-Unquoted-Service-Path-Privilege-Escalation.html" target="_blank" rel="nofollow noopener noreferrer">https://packetstormsecurity.com/files/143984/TeraCopyService-3.1-Unquoted-Service-Path-Privilege-Escalation.html </a></b>

Strangely, this CVE also links to a separate issue in TeraCopy 3.1 (released in 2017). The video at timestamp <a href="https://www.youtube.com/watch?v=mrOHtWWFhJI&amp;t=18s" target="_blank" rel="nofollow noopener noreferrer">0:18</a> confirms that version 3.9.7 does not exhibit this vulnerability, as it was resolved in version 3.5b.

CVE-2023-29586

Products

Blog

Feedback

Find answers and get help from Intercom Support and Community Experts

Empty Help Center

Uh oh. That page doesn’t exist.

Disappointed

Neutral

Smiley

Title

Track the progress of all tickets related to your company.

Tickets portal.

{assigneeName} needs more information from you