PT-2018-18140 · Totalav · Totalav
Filipe Xavier Oliveira
·
Published
2018-07-13
·
Updated
2019-10-03
·
CVE-2018-7535
CVSS v3.1
7.8
High
| Vector | AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
TotalAV version 4.1.7
Description
An issue was discovered that allows an unprivileged user to modify or overwrite all of the product's files due to weak permissions under %PROGRAMFILES%. This weakness enables local users to gain privileges or obtain maximum control over the product.
Recommendations
For TotalAV version 4.1.7, consider restricting access to the product's files under %PROGRAMFILES% to prevent local users from modifying or overwriting them, until a fix is available.
Fix
Incorrect Default Permissions
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Totalav