CVE-2019-11644

In the F-Secure installer in F-Secure SAFE for Windows before 17.6, F-Secure Internet Security before 17.6, F-Secure Anti-Virus before 17.6, F-Secure Client Security Standard and Premium before 14.10, F-Secure PSB Workstation Security before 12.01, and F-Secure Computer Protection Standard and Premium before 19.3, a local user can escalate their privileges through a DLL hijacking attack against the installer. The installer writes the file rm.exe to C:\Windows\Temp and then executes it. The rm.exe process then attempts to load several DLLs from its current directory. Non-admin users are able to write to this folder, so an attacker can create a malicious C:\Windows\Temp\OLEACC.dll file. When an admin runs the installer, rm.exe will execute the attacker's DLL in an elevated security context.
References
Advertisement

NeevaHost hosting service

Configurations

Configuration 1 (hide)

OR cpe:2.3:a:f-secure:computer_protection:*:*:*:*:standard:*:*:*
cpe:2.3:a:f-secure:client_security:*:*:*:*:premium:*:*:*
cpe:2.3:a:f-secure:computer_protection:*:*:*:*:premium:*:*:*
cpe:2.3:a:f-secure:internet_security:*:*:*:*:*:*:*:*
cpe:2.3:a:f-secure:safe:*:*:*:*:*:windows:*:*
cpe:2.3:a:f-secure:psb_workstation_security:*:*:*:*:*:*:*:*
cpe:2.3:a:f-secure:client_security:*:*:*:*:standard:*:*:*

Information

Published : 2019-05-17 14:29

Updated : 2020-08-24 10:37


NVD link : CVE-2019-11644

Mitre link : CVE-2019-11644


JSON object : View

CWE
CWE-427

Uncontrolled Search Path Element

Advertisement

dedicated server usa

Products Affected

f-secure

  • client_security
  • safe
  • computer_protection
  • internet_security
  • psb_workstation_security