Description
The product does not properly verify the source of a message in the Windows Messaging System while running at elevated privileges, creating an alternate channel through which an attacker can directly send a message to the product.
CVE vulnerabilities with CWE-422 (2)
8.8
CVSS
HIGH
CVE-2025-20094
pub. 2025-02-06
8.8
CVSS
HIGH
CVE-2025-22894
pub. 2025-02-06