An issue was discovered in the Portrait Dell Color...
Moderate severity
Unreviewed
Published
May 19, 2026
to the GitHub Advisory Database
•
Updated May 19, 2026
Description
Published by the National Vulnerability Database
May 19, 2026
Published to the GitHub Advisory Database
May 19, 2026
Last updated
May 19, 2026
An issue was discovered in the Portrait Dell Color Management application before 3.7.0 for Dell monitors. On Windows, a symbolic link vulnerability allows a local low-privileged user to escalate privileges to Administrator. During installation, the software writes the file CCFLFamily_07Feb11.edr to C:\ProgramData\Portrait Displays\CW\data\i1D3\ while running with elevated privileges. Because the installer does not properly validate symbolic links or reparse points at the destination path, an attacker can create a malicious link that redirects the write operation to an arbitrary system location, enabling arbitrary file creation or overwrite with elevated privileges.
References