CVE-2018-7535

An issue was discovered in TotalAV v4.1.7. An unprivileged user could modify or overwrite all of the product's files because of weak permissions (Everyone:F) under %PROGRAMFILES%, which allows local users to gain privileges or obtain maximum control over the product.
References
Link Resource
http://seclists.org/fulldisclosure/2018/Jul/54 Mailing List Third Party Advisory
Configurations

Configuration 1

cpe:2.3:a:totalav:totalav:*:*:*:*:*:*:*:*

Information

Published : 2018-07-13 05:29

Updated : 2019-10-03 12:03


NVD link : CVE-2018-7535

Mitre link : CVE-2018-7535

Products Affected
No products.
CWE
CWE-276

Incorrect Default Permissions