CVE-2019-11644

In the F-Secure installer in F-Secure SAFE for Windows before 17.6, F-Secure Internet Security before 17.6, F-Secure Anti-Virus before 17.6, F-Secure Client Security Standard and Premium before 14.10, F-Secure PSB Workstation Security before 12.01, and F-Secure Computer Protection Standard and Premium before 19.3, a local user can escalate their privileges through a DLL hijacking attack against the installer. The installer writes the file rm.exe to C:WindowsTemp and then executes it. The rm.exe process then attempts to load several DLLs from its current directory. Non-admin users are able to write to this folder, so an attacker can create a malicious C:WindowsTempOLEACC.dll file. When an admin runs the installer, rm.exe will execute the attacker's DLL in an elevated security context.
References
Configurations

Configuration 1

cpe:2.3:a:f-secure:computer_protection:*:*:*:*:premium:*:*:*
cpe:2.3:a:f-secure:computer_protection:*:*:*:*:standard:*:*:*
cpe:2.3:a:f-secure:psb_workstation_security:*:*:*:*:*:*:*:*
cpe:2.3:a:f-secure:client_security:*:*:*:*:premium:*:*:*
cpe:2.3:a:f-secure:client_security:*:*:*:*:standard:*:*:*
cpe:2.3:a:f-secure:internet_security:*:*:*:*:*:*:*:*
cpe:2.3:a:f-secure:safe:*:*:*:*:*:windows:*:*

Information

Published : 2019-05-17 09:29

Updated : 2020-08-24 05:37


NVD link : CVE-2019-11644

Mitre link : CVE-2019-11644

Products Affected
No products.
CWE