PT-2019-14863 · Pcprotect · Pcprotect Anti-Virus
Flipfl0P · Published 2019-10-07 · Updated 2020-08-24
CVE-2019-16913
CVSS v3.1: 7.8 (High)
Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
PC Protect Antivirus version 4.14.31
Description
The issue concerns weak folder permissions in the default installation directory of PC Protect Antivirus, which allow any user to modify the contents of the directory and its subfolders. The program also installs a service called SecurityService that runs as LocalSystem, so substituting the service's binary with a malicious file escalates privileges to NT AUTHORITY\SYSTEM.
Recommendations
For PC Protect Antivirus version 4.14.31, consider restricting access to the installation directory and its subfolders to prevent unauthorized modifications. As a temporary workaround, restrict access to the SecurityService to minimize the risk of privilege escalation.
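To verify the recommendation on a host, the following added example (not from the advisory or the vendor) lists write-capable ACEs held by low-privileged groups on the SecurityService binary, its directory and all subfolders. The advisory does not give the installation path, so the script resolves it from the service configuration; the SID list standing in for "any user" is an assumption.

```powershell
# Added example: audit ACLs around the SecurityService binary (read-only check).
$ServiceName = 'SecurityService'   # service name as given in the advisory

# Assumption: these well-known SIDs stand in for "any user".
$LowPrivSids = @(
    'S-1-1-0'        # Everyone
    'S-1-5-11'       # Authenticated Users
    'S-1-5-32-545'   # BUILTIN\Users
    'S-1-5-4'        # INTERACTIVE
)

# Bits that allow replacing, adding or re-permissioning files. Modify/FullControl
# are not listed by name because they also contain read bits.
$Rights = [System.Security.AccessControl.FileSystemRights]
$WriteBits = [int]$Rights'WriteData, AppendData, Delete, DeleteSubdirectoriesAndFiles, ChangePermissions, TakeOwnership'
$WriteBits = $WriteBits -bor 0x40000000 -bor 0x10000000   # GENERIC_WRITE, GENERIC_ALL

$svc = Get-CimInstance -ClassName Win32_Service -Filter "Name='$ServiceName'"
if (-not $svc) { throw "Service '$ServiceName' is not installed on this host." }

# PathName may be quoted and may carry arguments; keep only the executable path.
if ($svc.PathName -notmatch '^\s*"?(.+?\.exe)"?') {
    throw "Cannot parse service path: $($svc.PathName)"
}
$exe = $Matches[1]
$dir = Split-Path -Parent $exe

# Check the install directory, every subfolder, and the service binary itself.
$targets = @($dir)
$targets += Get-ChildItem -LiteralPath $dir -Recurse -Directory -ErrorAction SilentlyContinue |
    ForEach-Object { $_.FullName }
$targets += $exe

$findings = foreach ($path in $targets) {
    $acl = Get-Acl -LiteralPath $path
    # Ask for SIDs directly so the check does not depend on localized group names.
    foreach ($ace in $acl.GetAccessRules($true, $true, [System.Security.Principal.SecurityIdentifier])) {
        if ($ace.AccessControlType -ne 'Allow') { continue }
        if ($LowPrivSids -notcontains $ace.IdentityReference.Value) { continue }
        if (([int]$ace.FileSystemRights -band $WriteBits) -eq 0) { continue }
        [pscustomobject]@{ Path = $path; Sid = $ace.IdentityReference.Value
                           Rights = $ace.FileSystemRights; Inherited = $ace.IsInherited }
    }
}

"Service account: $($svc.StartName)"
if ($findings) { $findings | Sort-Object Path, Sid | Format-Table -AutoSize }
else { "No write-capable ACEs for low-privileged groups under $dir" }
```

Any row in the output is a path where a non-administrative user can change what the LocalSystem service loads; an empty result means the directory ACLs already match the recommendation.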
Exploit
Fix
Incorrect Default Permissions
Weakness Enumeration
Related Identifiers
Affected Products
Pcprotect Anti-Virus