Vulnerability Details CVE-2019-11644
In the F-Secure installer in F-Secure SAFE for Windows before 17.6, F-Secure Internet Security before 17.6, F-Secure Anti-Virus before 17.6, F-Secure Client Security Standard and Premium before 14.10, F-Secure PSB Workstation Security before 12.01, and F-Secure Computer Protection Standard and Premium before 19.3, a local user can escalate their privileges through a DLL hijacking attack against the installer. The installer writes the file rm.exe to C:\Windows\Temp and then executes it. The rm.exe process then attempts to load several DLLs from its current directory. Non-admin users are able to write to this folder, so an attacker can create a malicious C:\Windows\Temp\OLEACC.dll file. When an admin runs the installer, rm.exe will execute the attacker's DLL in an elevated security context.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.002
EPSS Ranking 37.9%
CVSS Severity
CVSS v3 Score 7.8
CVSS v2 Score 6.8
References
Products affected by CVE-2019-11644
-
cpe:2.3:a:f-secure:client_security:-
-
cpe:2.3:a:f-secure:client_security:13.00
-
cpe:2.3:a:f-secure:client_security:13.10
-
cpe:2.3:a:f-secure:client_security:13.11
-
cpe:2.3:a:f-secure:client_security:14.00
-
cpe:2.3:a:f-secure:client_security:14.01
-
cpe:2.3:a:f-secure:client_security:14.02
-
cpe:2.3:a:f-secure:computer_protection:*
-
cpe:2.3:a:f-secure:internet_security:*
-
cpe:2.3:a:f-secure:psb_workstation_security:-
-
cpe:2.3:a:f-secure:safe:*