PT-2020-14611 · Qihoo 360 · 360 Total Security

Windows No Bugs

Published

2020-07-21

Updated

2021-07-21

CVE-2020-15724

CVSS v3.1

7.8

High

Vector

AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions 360 Total Security versions 12.1.0.1005 and below

Description A local privilege escalation issue exists when the Gamefolde calls GameChrome.exe, allowing an attacker to exploit DLL hijacking and bypass hips, potentially executing arbitrary code on the local system.

Recommendations For versions 12.1.0.1005 and below, update to a version above 12.1.0.1005 to resolve the issue. As a temporary workaround, consider restricting access to the GameChrome.exe executable to minimize the risk of exploitation.

Fix

Uncontrolled Search Path Element

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-427

Related Identifiers

CVE-2020-15724

Affected Products

360 Total Security

PT-2020-14611 · Qihoo 360 · 360 Total Security

CVE-2020-15724

Weakness Enumeration

Related Identifiers

Affected Products

References · 3