CVE-2018-10959 (avecto_defendpoint)

Avecto Defendpoint 4 prior to 4.4 SR6 and 5 prior to 5.1 SR1 has an Untrusted Search Path vulnerability, exploitable by modifying environment variables to trigger automatic elevation of an attacker’s process launch.
Source: NIST
CVE-2018-10959 (avecto_defendpoint)