CVE-2019-16897
Summary
| CVE | CVE-2019-16897 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2019-10-28 15:15:00 UTC |
| Updated | 2019-10-31 02:36:00 UTC |
| Description | In K7 Antivirus Premium 16.0.xxx through 16.0.0120; K7 Total Security 16.0.xxx through 16.0.0120; and K7 Ultimate Security 16.0.xxx through 16.0.0120, the module K7TSHlpr.dll improperly validates the administrative privileges of the user, allowing arbitrary registry writes in the K7AVOptn.dll module to facilitate escalation of privileges via inter-process communication with a service process. |
Risk And Classification
Problem Types: CWE-269
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Application | K7computing | K7 Antivirus Premium | All | All | All | All |
| Application | K7computing | K7 Total Security | All | All | All | All |
| Application | K7computing | K7 Ultimate Security | All | All | All | All |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| Antimalware-Research/README.md at master · NtRaiseHardError/Antimalware-Research · GitHub | MISC | github.com | Exploit, Third Party Advisory |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
There are currently no legacy QID mappings associated with this CVE.