PT-2020-14609 · Qihoo 360 · 360 Total Security

Windows No Bugs

Published

2020-07-21

Updated

2021-07-21

CVE-2020-15722

CVSS v3.1

7.8

High

Vector

AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions 360 Total Security versions 12.1.0.1004 and below

Description A local privilege escalation issue exists when TPI calls the browser process, allowing an attacker to execute arbitrary code on the local system through DLL hijacking.

Recommendations For versions 12.1.0.1004 and below, consider restricting access to the TPI component to minimize the risk of exploitation until a patch is available.

Fix

Uncontrolled Search Path Element

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-427

Related Identifiers

CVE-2020-15722

Affected Products

360 Total Security

PT-2020-14609 · Qihoo 360 · 360 Total Security

CVE-2020-15722

Weakness Enumeration

Related Identifiers

Affected Products

References · 3