PT-2019-18682 · Emsisoft · Emsisoft Anti-Malware

Published

2019-02-08

Updated

2020-08-24

CVE-2019-7651

CVSS v3.1

7.5

High

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Name of the Vulnerable Software and Affected Versions Emsisoft Anti-Malware versions prior to 2018.12

Description The issue allows an attacker to bypass ACLs due to the lack of FILE DEVICE SECURE OPEN in Interpreted Device Characteristics. This leads to improper protection of files and directories within the .EPP device, resulting in unintended impersonation or object creation.

Recommendations For versions prior to 2018.12, update to version 2018.12 or later to resolve the issue.

Exploit

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Related Identifiers

CVE-2019-7651

Affected Products

Emsisoft Anti-Malware

PT-2019-18682 · Emsisoft · Emsisoft Anti-Malware

CVE-2019-7651

Related Identifiers

Affected Products

References · 6