Total AV 4.6.19 Insecure Permissions

Posted by deepcore on July 14, 2018 – 11:05 pm

A vulnerability allows local attackers to escalate privilege on TotalAV versions 4.1.7 through 4.6.19 because of weak “C:Program FilesTotalAV” permissions. The specific flaw exists within the access control that is set and modified during the installation of the product. The product sets weak access control restrictions. An attacker can leverage this vulnerability to execute arbitrary code under the context of Administrator, the IUSR account, or SYSTEM.

This post is under “exploit” and has no respond so far.
If you enjoy this article, make sure you subscribe to my RSS Feed.

Post a reply

You must be logged in to post a comment.

« G DATA TOTAL SECURITY 25.4.0.3 Active-X Buffer Overflow OpenConext-EngineBlock 5.7.3 Cross Site Scripting »

:: Deepquest ::

This site contains information which could be considered illegal in some countries. It is provided here for educational use only and is not intended to be used for illegal activities.

Total AV 4.6.19 Insecure Permissions

Post a reply

Tabs Switcher

Categories

Archives

Meta

BLOGROLL