Описание
TrustPort Antivirus before 2.8.0.2266 and PC Security before 2.0.0.1291 use weak permissions (Everyone: Full Control) for files under %PROGRAMFILES%, which allows local users to gain privileges by replacing executables with Trojan horse programs.
Ссылки
- Broken LinkVendor Advisory
- Broken LinkThird Party AdvisoryVDB Entry
- Broken LinkVendor Advisory
- Broken LinkVendor Advisory
- Broken LinkThird Party AdvisoryVDB Entry
- Broken LinkVendor Advisory
Уязвимые конфигурации
Конфигурация 1Версия до 2.8.0.2266 (исключая)Версия до 2.0.0.1291 (исключая)
Одно из
cpe:2.3:a:trustport:antivirus:*:*:*:*:*:*:*:*
cpe:2.3:a:trustport:pc_security:*:*:*:*:*:*:*:*
EPSS
Процентиль: 25%
0.00084
Низкий
7.8 High
CVSS3
6.8 Medium
CVSS2
Дефекты
CWE-732
CWE-732
Связанные уязвимости
CVSS3: 7.8
github
почти 4 года назад
TrustPort Antivirus before 2.8.0.2266 and PC Security before 2.0.0.1291 use weak permissions (Everyone: Full Control) for files under %PROGRAMFILES%, which allows local users to gain privileges by replacing executables with Trojan horse programs.
EPSS
Процентиль: 25%
0.00084
Низкий
7.8 High
CVSS3
6.8 Medium
CVSS2
Дефекты
CWE-732
CWE-732