PT-2017-12631 · Qihoo 360 · 360 Total Security

Published 2017-08-07 · Updated 2019-10-03 · CVE-2017-12653

CVSS v3.1: 7.8 High

Vector: AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

360 Total Security version 9.0.0.1202

Description

The issue allows for privilege escalation via a Trojan horse Shcore.dll file in any directory in the PATH. This can be demonstrated by placing the malicious file in a directory such as C:\Python27.

Recommendations

For version 9.0.0.1202, update to a version released after 2017-07-07 to resolve the issue. As a temporary workaround, consider restricting access to directories in the PATH to minimize the risk of exploitation.
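
The workaround above can be checked on a host with a short audit. The PowerShell below is an added example, not code from this advisory or the vendor: it reports PATH directories where well-known low-privileged groups (an assumed SID list) may create files, and any Shcore.dll found outside the Windows system directories. It evaluates Allow entries only and does not account for Deny entries.

```powershell
# Added example (not vendor code): audit PATH for the condition in this advisory.
# Assumption: these well-known SIDs stand in for "non-administrative users".
$lowPriv = @{
    'S-1-1-0'      = 'Everyone'
    'S-1-5-11'     = 'Authenticated Users'
    'S-1-5-32-545' = 'BUILTIN\Users'
    'S-1-5-4'      = 'INTERACTIVE'
}
$createFiles = [int][System.Security.AccessControl.FileSystemRights]::CreateFiles
$inheritOnly = [int][System.Security.AccessControl.PropagationFlags]::InheritOnly
$sidType     = [System.Security.Principal.SecurityIdentifier]
$systemDirs  = @("$env:SystemRoot\System32", "$env:SystemRoot\SysWOW64")

# Machine and user PATH entries, expanded and de-duplicated.
$dirs = foreach ($scope in 'Machine', 'User') {
    $raw = [Environment]::GetEnvironmentVariable('Path', $scope)
    if ($raw) { $raw -split ';' }
}
$dirs = $dirs |
    ForEach-Object { [Environment]::ExpandEnvironmentVariables($_.Trim().Trim('"')) } |
    Where-Object { $_ } | Sort-Object -Unique

foreach ($dir in $dirs) {
    if (-not (Test-Path -LiteralPath $dir -PathType Container)) { continue }

    # Read the ACL with identities as SIDs so the check is locale-independent.
    $rules = (Get-Acl -LiteralPath $dir).GetAccessRules($true, $true, $sidType)
    foreach ($r in $rules) {
        $grantsCreate = ([int]$r.FileSystemRights -band $createFiles) -ne 0
        # Inherit-only entries apply to children, not to the directory itself.
        $appliesHere  = ([int]$r.PropagationFlags -band $inheritOnly) -eq 0
        $sid          = $r.IdentityReference.Value
        if ($r.AccessControlType -eq 'Allow' -and $grantsCreate -and
            $appliesHere -and $lowPriv.ContainsKey($sid)) {
            [pscustomobject]@{ Directory = $dir
                               Finding   = "$($lowPriv[$sid]) can create files" }
        }
    }

    # A copy of Shcore.dll in a non-system PATH directory deserves a closer look.
    $dll = Join-Path $dir 'Shcore.dll'
    if (($systemDirs -notcontains $dir.TrimEnd('\')) -and (Test-Path -LiteralPath $dll)) {
        [pscustomobject]@{ Directory = $dir
                           Finding   = 'Shcore.dll outside the Windows system directories' }
    }
}
```

Run it from an elevated prompt so every PATH directory's ACL can be read; each finding is emitted as an object and can be piped to `Format-Table` or `Export-Csv`.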

Exploit

Fix

Weakness Enumeration

Uncontrolled Search Path Element

Related Identifiers

CVE-2017-12653

Affected Products

360 Total Security