The Synopsys Cybersecurity Research Center (CyRC) team has identified a local privilege escalation vulnerability in Kaspersky VPN Secure Connection for Microsoft Windows.
In the Support Tools part of the application, a regular user can use Delete service data and reports to remove a privileged folder. Based on this capability, an attacker can leverage Arbitrary Folder Delete to SYSTEM EoP to gain SYSTEM privileges, Synopsys researchers say.