Improper link resolution before file access (‘link following’) in .NET allows an authorized attacker to elevate privileges locally.