CyberSec.Space Logo
返回 CVE 瀏覽器

CVE-2019-13357

HIGH
7.8
CVSS Severity Score
EPSS Score0.0870%
EPSS Percentile32.66th
Published2019年9月24日
Last Modified2024年11月21日

Vulnerability Description

In Total Defense Anti-virus 9.0.0.773, resource acquisition from the untrusted search path C:\ used by caschelp.exe allows local attackers to hijack ccGUIFrm.dll, which leads to code execution. SYSTEM-level code execution can be achieved when the ccSchedulerSVC service runs the affected executable.

Affected Platforms (CPE)

📦
Totaldefense

Anti Virus

= 9.0.0.773

References & Advisories

🔗 https://github.com/NtRaiseHardError/Antimalware-Research/tree/master/Total%20Defense/DLL%20Hijacking/v9.0.0.773
🔗 https://www.totaldefense.com/security-blog
🔗 https://github.com/NtRaiseHardError/Antimalware-Research/tree/master/Total%20Defense/DLL%20Hijacking/v9.0.0.773
🔗 https://www.totaldefense.com/security-blog

相關漏洞威脅

CVE-2006-594010.0

Unspecified vulnerability in Grisoft AVG Anti-Virus before 7.1.407 has unknown impact and remote attack vectors related to "Intege...

CVE-2006-593810.0

Grisoft AVG Anti-Virus before 7.1.407 has unknown impact and remote attack vectors involving an uninitialized variable and a craft...

CVE-2005-305710.0

The FTP component in FortiGate 2.8 running FortiOS 2.8MR10 and v3beta, and other versions before 3.0 MR1, allows remote attackers ...

CVE-2006-640910.0

F-Secure Anti-Virus for Linux Gateways 4.65 allows remote attackers to cause a denial of service (possibly fatal scan error), and ...