CVE-2024-13944

Link Following Local Privilege Escalation Vulnerability in NortonUtilitiesSvc in Norton Utilities Ultimate Version 24.2.16862.6344 on Windows 10 Pro x64 allows local attackers to escalate privileges and execute arbitrary code in the context of SYSTEM via the creation of a symbolic link and leveraging a TOCTTOU (time-of-check to time-of-use) attack.

CVSS v3 7.8 HIGH

7.8^/10

CVSS v3 : HIGH

V3 Legend

Vector :

Exploitability : 1.8 / Impact : 5.9

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://www.gendigital.com/us/en/contact-us/security-advisories/

Configurations

No configuration.

History

13 Oct 2025, 10:15

Type	Values Removed	Values Added
CWE		CWE-59

12 May 2025, 17:32

Type	Values Removed	Values Added
Summary		(es) La vulnerabilidad de escalada de privilegios locales mediante seguimiento de enlaces en NortonUtilitiesSvc en Norton Utilities Ultimate versión 24.2.16862.6344 en Windows 10 Pro x64 permite a atacantes locales escalar privilegios y ejecutar código arbitrario en el contexto de SYSTEM mediante la creación de un enlace simbólico y aprovechando un ataque TOCTTOU (tiempo de verificación a tiempo de uso).

09 May 2025, 16:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2025-05-09 16:15

Updated : 2025-10-13 10:15

NVD link : CVE-2024-13944

Mitre link : CVE-2024-13944

CVE.ORG link : CVE-2024-13944

JSON object : View

Products Affected

No product.

CWE

CWE-59

Improper Link Resolution Before File Access ('Link Following')

CWE-367

Time-of-check Time-of-use (TOCTOU) Race Condition

7.8 /10