PT-2018-14494 · Bestxsoftware · Best Free Keylogger

Martino Sani

Published

2018-11-19

Updated

2019-06-21

CVE-2018-18519

CVSS v3.1

7.8

High

Vector

AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions BestXsoftware Best Free Keylogger versions prior to 6.0.0

Description The issue allows local users to gain privileges via a Trojan horse "%PROGRAMFILES%BFK 5.2.9syscrb.exe" file because of insecure permissions for the BUILTINUsers group.

Recommendations For versions prior to 6.0.0, consider updating to version 6.0.0 or later to resolve the issue. As a temporary workaround, restrict access to the "%PROGRAMFILES%BFK 5.2.9syscrb.exe" file to minimize the risk of exploitation.

Exploit

Fix

Untrusted Search Path

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-426

Related Identifiers

CVE-2018-18519

Affected Products

Best Free Keylogger

PT-2018-14494 · Bestxsoftware · Best Free Keylogger

CVE-2018-18519

Weakness Enumeration

Related Identifiers

Affected Products

References · 3