POC.mp4
Vulnerabilities occur in all user environments that attempt to install the latest version of AppCheck. In the process of running the installation anti-virus process level at "High" or higher, folders that can be accessed by regular users are read/written, and a symbolic vulnerability (lace condition) is used to arbitrarily access folders that require the same permissions as the System32 folder with regular user permissions. File writing is possible. So the attacker indiscriminately distributes it in advance, waits for the user to install AppCheck, and then the vulnerability is triggered upon installation.
Team Byerus (HeeChan Kim, Jinyoung Kim, MinkUk Kim, Seoungjin, Oh, Sangsoo Jeong)