CyberSec.Space Logo
Back to CVE Browser

CVE-2019-13357

HIGH
7.8
CVSS Severity Score
EPSS Score0.0870%
EPSS Percentile32.66th
PublishedSep 24, 2019
Last ModifiedNov 21, 2024

Vulnerability Description

In Total Defense Anti-virus 9.0.0.773, resource acquisition from the untrusted search path C:\ used by caschelp.exe allows local attackers to hijack ccGUIFrm.dll, which leads to code execution. SYSTEM-level code execution can be achieved when the ccSchedulerSVC service runs the affected executable.

Affected Platforms (CPE)

πŸ“¦
Totaldefense

Anti Virus

= 9.0.0.773

References & Advisories

πŸ”— https://github.com/NtRaiseHardError/Antimalware-Research/tree/master/Total%20Defense/DLL%20Hijacking/v9.0.0.773
πŸ”— https://www.totaldefense.com/security-blog
πŸ”— https://github.com/NtRaiseHardError/Antimalware-Research/tree/master/Total%20Defense/DLL%20Hijacking/v9.0.0.773
πŸ”— https://www.totaldefense.com/security-blog

Related Vulnerabilities

CVE-2006-594010.0

Unspecified vulnerability in Grisoft AVG Anti-Virus before 7.1.407 has unknown impact and remote attack vectors related to "Intege...

CVE-2006-593810.0

Grisoft AVG Anti-Virus before 7.1.407 has unknown impact and remote attack vectors involving an uninitialized variable and a craft...

CVE-2005-305710.0

The FTP component in FortiGate 2.8 running FortiOS 2.8MR10 and v3beta, and other versions before 3.0 MR1, allows remote attackers ...

CVE-2006-640910.0

F-Secure Anti-Virus for Linux Gateways 4.65 allows remote attackers to cause a denial of service (possibly fatal scan error), and ...