Local Privilege Escalation

CVE-2019-16897

Affected Products

  • K7 Antivirus Premium from version 16.0.xxx up to and including 16.0.0120
  • K7 Total Security from version 16.0.xxx up to and including 16.0.0120
  • K7 Ultimate Security from version 16.0.xxx up to and including 16.0.0120

Vulnerability Type

Improper Access Control

Impact

Privileged Registry Write

Summary

Improper access controls allow an attacker to access and control the inter-process communication between a low-privileged process and a SYSTEM service process. This can result in an arbitrary registry write that facilitates an escalation of privilege.

Exploitation

Auto Exploit PoC

Disclaimer: Only works for K7 Ultimate Security.

  1. Drop payload.dll onto the desktop (the PoC is hardcoded to use the username Standard-User),
  2. Navigate the AV UI to the landing/home page,
  3. Run SelfProtDisable.exe,
  4. Run PWN.EXE.

Article

https://0x00sec.org/t/anti-virus-exploitation-local-privilege-escalation-in-k7-security-cve-2019-16897/17655

Demo

[Image: K7demo1]