A local privilege escalation issue was discovered in Avast Secure Browser version 76.0.1659.101. The vulnerability is due to an insecure ACL set by the AvastBrowserUpdate.exe (which is running as NT AUTHORITY\SYSTEM) when AvastSecureBrowser.exe checks for new updates.
ea6f5697a1e7a127ba2de04c3e0ae95fTrend Maximum Security 2019 suffers from an unquoted search path vulnerability. This application provides an unquoted path in the parameter lpApplicationName of the function CreateProcessW during process create PwmConsole.exe --- which is triggered from the feature PC Health Checkup. If an attacker has write permissions to C:\ or C:\Program Files\, it could deliver an arbitrary executable named Program.exe or Trend.exe which would be executed by the coreServiceShell process. coreServiceShell is a privileged process that will run Program.exe with same privilege.
bbe0cfc27ac89fd49ed6a2d8487c2970Avira Free Security Suite 2019 Software Updater version 2.0.6.13175 suffers from an improper access control that allows for arbitrary file write that can allow an unprivileged user to obtain SYSTEM privileges.
a4d390f701aa2edd6b20fd861c82f57bResponsive File Manager 9.13.1 suffers from a file disclosure vulnerability.
e6654d43dad5be76d71dc9d6bc5269d0
© 2020 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed