A local privilege escalation vulnerability has been identified in the JTVNCProxy Windows service in JAWS version 13.0 and earlier. When installed, this service allows Read/Write access to any user, meaning any user can modify the location of the binary executed by the service with SYSTEM privileges. It should be noted that this vulnerability is not present in versions of JAWS from version 14 onwards. Continue reading...
