PT-2018-10062 · 2345 · Shanghai 2345 Security Guard

Published

2018-05-03

Updated

2019-10-03

CVE-2018-10716

CVSS v3.1

5.5

Medium

Vector

AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions Shanghai 2345 Security Guard version 3.7.0

Description An issue was discovered that allows local users to bypass intended process protections and terminate processes because the WM CLOSE message is not properly considered. This affects the 2345MPCSafe.exe, 2345SafeTray.exe, and 2345Speedup.exe components.

Recommendations For Shanghai 2345 Security Guard version 3.7.0, consider restricting access to the affected executables until a patch is available. As a temporary workaround, avoid using the WM CLOSE message to terminate processes. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Related Identifiers

CVE-2018-10716

Affected Products

Shanghai 2345 Security Guard

PT-2018-10062 · 2345 · Shanghai 2345 Security Guard

CVE-2018-10716

Related Identifiers

Affected Products

References · 3