CVE-2021-41066: 
Bopsoft Listary vulnerability analysis and mitigation

CVE-2021-41066 is a security vulnerability discovered in Listary through version 6. The vulnerability exists when Listary is configured with administrator privileges, where it fails to perform proper privilege validation when users attempt to access system files through Listary itself. This results in a UAC (User Account Control) protection bypass, as Listary does not request permissions again for subsequent file access attempts (NVD).

The vulnerability is classified as a Missing Authorization weakness (CWE-862). It has received a CVSS v3.1 base score of 7.5 (HIGH) with the vector string CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H. The vulnerability stems from Listary's improper implementation of privilege checks when configured as administrator, allowing subsequent file access without proper UAC validation (NVD).

When exploited, this vulnerability allows an attacker to bypass UAC protection and access files on the system without appropriate privilege validation. This could lead to unauthorized access to sensitive system files and potential privilege escalation scenarios (Medium Blog).

The vendor has been notified of the vulnerability through responsible disclosure on August 29, 2021. Users are advised to update to newer versions of Listary that address this security issue. As a workaround, users should avoid running Listary with administrator privileges when possible (Listary Download).

The vulnerability was initially disclosed to the Bopsoft/Listary team on August 29, 2021, with no immediate response. It was subsequently reported to MITRE on September 13, 2021, where it was assigned CVE-2021-41066. A follow-up attempt to communicate with Bopsoft/Listary was made on September 19, 2021, again with no response (Medium Blog).