CVE-2024-46467 is a vulnerability identified in ZONEPOINT for Windows versions up to 2024.1, where dedicated folders created by the software are, by default, accessible to other users on the same system. This misconfiguration allows unauthorized users to access and misuse technical files stored in these folders, potentially causing these files to execute tasks with elevated privileges. The root cause relates to improper access control settings (CWE-276: Incorrect Default Permissions) on critical folders, which should be restricted to prevent unauthorized access. The vulnerability has a CVSS 3.1 base score of 7.8, indicating high severity, with an attack vector of local access (AV:L), high attack complexity (AC:H), no privileges required (PR:N), no user interaction (UI:N), and scope change (S:C). The impact primarily affects confidentiality and availability, as unauthorized users can leverage the vulnerability to escalate privileges and perform unauthorized actions. Although no exploits are currently known in the wild, the vulnerability poses a significant risk to environments where multiple users share access to the same Windows system running ZONEPOINT. Mitigation involves modifying the default configuration of ZONEPOINT to enforce strict access controls on dedicated folders, ensuring that only authorized users and processes can access or modify technical files. This may include applying NTFS permissions, using access control lists (ACLs), or other Windows security mechanisms to restrict folder access. Organizations should audit their ZONEPOINT installations and apply configuration changes promptly to reduce exposure.

The vulnerability allows unauthorized local users to access dedicated ZONEPOINT folders and misuse technical files to perform tasks with elevated privileges, leading to potential privilege escalation. This can compromise system confidentiality by exposing sensitive technical files and availability by enabling unauthorized modifications or disruptions of ZONEPOINT operations. The high attack complexity and requirement for local access limit remote exploitation but do not eliminate risk in environments where multiple users share systems, such as enterprise desktops, shared workstations, or terminal servers. If exploited, attackers could gain unauthorized control over ZONEPOINT functions, potentially affecting broader system security and stability. The absence of known exploits in the wild reduces immediate risk but does not preclude future exploitation, especially as details become public. Organizations relying on ZONEPOINT for Windows should consider this vulnerability a significant threat to their endpoint security posture.

1. Immediately review and modify the default folder permissions of ZONEPOINT dedicated folders to restrict access exclusively to authorized users and system processes. 2. Use Windows NTFS permissions and Access Control Lists (ACLs) to enforce least privilege on these folders, preventing unauthorized read/write/execute access. 3. Implement regular audits of folder permissions and access logs to detect unauthorized access attempts. 4. Apply the principle of least privilege to all users on systems running ZONEPOINT, minimizing the number of users with local access. 5. If available, apply vendor patches or configuration updates addressing this vulnerability as soon as they are released. 6. Educate system administrators and users about the risks of shared access to systems running ZONEPOINT and enforce strict user account management policies. 7. Consider isolating critical ZONEPOINT installations on dedicated machines or virtual environments with controlled user access to reduce exposure. 8. Monitor security advisories from ZONEPOINT and related security communities for updates or exploit reports.