CVE-2019-17449

Опубликовано: 10 окт. 2019

Источник: nvd

CVSS3: 6.7

CVSS2: 4.6

EPSS Низкий

Описание

Avira Software Updater before 2.0.6.21094 allows a DLL side-loading attack. NOTE: The vendor thinks that this vulnerability is invalid because exploiting it would require at least administrator privileges and would gain only SYSTEM privileges

Ссылки

https://safebreach.com/Post/Avira-Antivirus-2019-4-Services-DLL-Preloading-and-Potential-Abuses-CVE-2019-17449
https://support.avira.com/hc/en-us/articles/360000142857-Avira-Software-Updater
Release Notes
https://safebreach.com/Post/Avira-Antivirus-2019-4-Services-DLL-Preloading-and-Potential-Abuses-CVE-2019-17449
https://support.avira.com/hc/en-us/articles/360000142857-Avira-Software-Updater
Release Notes

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:avira:software_updater:*:*:*:*:*:*:*:*

Версия до 2.0.6.21094 (исключая)

EPSS

Процентиль: 39%

0.00178

Низкий

6.7 Medium

CVSS3

4.6 Medium

CVSS2

Дефекты

CWE-426

Связанные уязвимости

GHSA-cqfh-cpp6-j7j9