Security researcher SandboxEscaper released a working proof-of-concept (PoC) exploit for a new Windows zero-day vulnerability. The flaw affects the MsiAdvertiseProduct function that generates an advertise script or advertises a product to the computer. The vulnerability is an arbitrary file read vulnerability that could be exploited by a low-privileged user or a malicious program to read the content of any file on a Windows system. The researcher published a video of the vulnerability and also a video PoC exploit on Github.”]
Source: https://securityaffairs.co/wordpress/79035/hacking/windows-zero-day-2.html