CWE-65 - Windows hard link

Description

The software, when opening a file or directory, does not sufficiently handle when the name is associated with a hard link to a target that is outside of the intended control sphere. This could allow an attacker to cause the software to operate on unauthorized files.

Latest vulnerabilities for CWE-65

Multiple vulnerabilities in NVIDIA GPU Display Driver 2021-07-20
Low Yes

Multiple vulnerabilities in Trend Micro Apex One 2020-08-31
Low Yes

Privilege escalation in Microsoft Windows Hard Link 2020-08-12
Low Yes

Privilege escalation in Avira Software Updater 2020-05-06
Low Yes

Privilege escalation in Microsoft Windows Defender Antimalware Platform 2020-04-14
Low Yes

Denial of service in Microsoft Visual Studio Extension Installer Service 2020-03-10
Low Yes

Denial of service in Microsoft Windows Tile Object Service 2020-03-10
Low Yes

Privilege escalation in Avast Secure Browser 2020-01-27
Low Yes

Remote code execution in Visual Studio 2019-11-13
Medium Yes

Multiple denial of service vulnerabilities in Microsoft Windows 2019-10-09
Medium Yes

References

Description of CWE-65 on Mitre website