Arbitrary Code Execution Flaw in Proofpoint Insider Threat Management Server
CVE-2020-10656
9.8CRITICAL
What is CVE-2020-10656?
The Proofpoint Insider Threat Management Server, previously known as ObserveIT Server, contains a security flaw in the WriteWindowMouseWithChunksV2 API used by the ITM application server. This vulnerability presents an opportunity for an anonymous remote attacker to execute arbitrary code, granting them local administrator privileges. The root cause of this issue stems from improper deserialization, which can lead to complete system compromise if exploited.
