PT-2020-14610 · Qihoo 360 · 360 Total Security

Windows No Bugs

Published

2020-07-21

Updated

2021-07-21

CVE-2020-15723

CVSS v3.1

7.8

High

Vector

AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions 360 Total Security versions 12.1.0.1004 and below

Description A local privilege escalation issue exists when the main process of 360 Total Security calls GameChrome.exe, allowing an attacker to execute arbitrary code on the local system through DLL hijacking.

Recommendations For versions 12.1.0.1004 and below, as a temporary workaround, consider restricting access to GameChrome.exe until a patch is available.

Fix

Uncontrolled Search Path Element

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-427

Related Identifiers

CVE-2020-15723

Affected Products

360 Total Security

PT-2020-14610 · Qihoo 360 · 360 Total Security

CVE-2020-15723

Weakness Enumeration

Related Identifiers

Affected Products

References · 3