Uncontrolled Path Vulnerability in Intel DPC++/C++ Compiler for Windows
CVE-2024-39365

5.4MEDIUM

Key Information:

Vendor: Intel Corporation
Status: Intel(r) Oneapi Dpc++/c++ Compiler Software For Windows
Vendor: CVE Published:; 12 February 2025

Summary

The Intel oneAPI DPC++/C++ Compiler for Windows has a vulnerability that allows authenticated users to manipulate search paths, potentially enabling privilege escalation through local system access. This security flaw affects versions prior to 2024.2, and users are advised to update their software to mitigate risks. For detailed information, consult Intel's security advisory.

Affected Version(s)

Intel(R) oneAPI DPC++/C++ Compiler software for Windows before version 2024.2

References

https://intel.com/content/www/us/en/security-center/advis...

CVSS V4

Score:

5.4

Severity:

MEDIUM

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

High

Attack Required:

Physical

Privileges Required:

Undefined

User Interaction:

Unknown

Timeline

Vulnerability published
Feb 12, 2025
Vulnerability Reserved
Jun 29, 2024