FortiClient (Windows) - Arbitrary file write as SYSTEM


An execution with unnecessary privileges vulnerability [CWE-250] in FortiClientWindows may allow a local attacker to perform an arbitrary file write on the system.

Affected Products

FortiClientWindows version 6.0.0 through 6.0.10
FortiClientWindows version 6.2.0 through 6.2.9
FortiClientWindows version 6.4.0 through 6.4.7
FortiClientWindows version 7.0.0 through 7.0.3


Solutions

Please upgrade to FortiClientWindows 7.0.4 or above.
Please upgrade to FortiClientWindows 6.4.8 or above.


Fortinet is pleased to thank David Yesland from Rhino Security Labs for bringing this issue to our attention under responsible disclosure.