CVE-2019-18670
Summary
| CVE | CVE-2019-18670 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2019-12-17 16:15:00 UTC |
| Updated | 2021-07-21 11:39:00 UTC |
| Description | In the Quick Access Service (QAAdminAgent.exe) in Acer Quick Access V2.01.3000 through 2.01.3027 and V3.00.3000 through V3.00.3008, a REGULAR user can load an arbitrary unsigned DLL into the signed service's process, which is running as NT AUTHORITY\SYSTEM. This is a DLL Hijacking vulnerability (including search order hijacking, which searches for the missing DLL in the PATH environment variable), which is caused by an uncontrolled search path element for nvapi.dll, atiadlxx.dll, or atiadlxy.dll. |
Risk And Classification
Problem Types: CWE-427
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Application | Acer | Quick Access | All | All | All | All |
| Application | Acer | Quick Access | All | All | All | All |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| Acer Quick Access Security Vulnerability information | CONFIRM | us.answers.acer.com | Patch, Vendor Advisory |
| Error 404 (Not Found)!!1 | MISC | drive.google.com | Exploit, Third Party Advisory |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
There are currently no legacy QID mappings associated with this CVE.