CVE-2019-11644

Name of the Vulnerable Software and Affected Versions F-Secure SAFE for Windows versions prior to 17.6 F-Secure Internet Security versions prior to 17.6 F-Secure Anti-Virus versions prior to 17.6 F-Secure Client Security Standard and Premium versions prior to 14.10 F-Secure PSB Workstation Security versions prior to 12.01 F-Secure Computer Protection Standard and Premium versions prior to 19.3

Description A local user can escalate their privileges through a DLL hijacking attack against the installer. The installer writes the file rm.exe to C:WindowsTemp and then executes it. The rm.exe process attempts to load several DLLs from its current directory. Non-admin users can write to this folder, allowing an attacker to create a malicious C:WindowsTempOLEACC.dll file. When an admin runs the installer, rm.exe will execute the attacker's DLL in an elevated security context.

Recommendations For F-Secure SAFE for Windows versions prior to 17.6, update to version 17.6 or later. For F-Secure Internet Security versions prior to 17.6, update to version 17.6 or later. For F-Secure Anti-Virus versions prior to 17.6, update to version 17.6 or later. For F-Secure Client Security Standard and Premium versions prior to 14.10, update to version 14.10 or later. For F-Secure PSB Workstation Security versions prior to 12.01, update to version 12.01 or later. For F-Secure Computer Protection Standard and Premium versions prior to 19.3, update to version 19.3 or later.