CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2019-16913

PC Protect Antivirus v4.14.31 installs by default to %PROGRAMFILES(X86)%\PCProtect with very weak folder permissions, granting any user full permission "Everyone: (F)" to the contents of the directory and its subfolders. In addition, the program installs a service called SecurityService that runs as LocalSystem. This allows any user to escalate privileges to "NT AUTHORITY\SYSTEM" by substituting the service's binary with a Trojan horse.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.0

EPSS Ranking 6.8%

CVSS Severity

CVSS v3 Score 7.8

CVSS v2 Score 7.2

References

https://flipflopsecurity.wordpress.com/2019/10/07/pc-protect-v4-14-31-privilege-esclation/
https://flipflopsecurity.wordpress.com/2019/10/07/pc-protect-v4-14-31-privilege-esclation/

Products affected by CVE-2019-16913

Pcprotect » Antivirus » Version: 4.14.31

cpe:2.3:a:pcprotect:antivirus:4.14.31

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2019-16913

Products

Pricing

Contact Us