Local Privilege Escalation (CVE-2019-18645)
Affected Products
- Total Defense Anti-virus 11.5.2.28
Vulnerability Type
Improper Access Control
Impact
Privileged File Write
Summary
The quarantine restoration function in Total Defense Anti-virus is vulnerable to symbolic link attacks, allowing files to be written to privileged directories.
Exploitation
- Disable the automatic scanner,
- Manually scan the malware and wait until it is quarantined,
- Create a symbolic link from the original malware path to the target file,
- Restore the malware.
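
One way a restore routine can refuse a link planted at the original path, shown as an added example; it is not Total Defense's code or its fix. It uses POSIX open semantics from Python rather than the Windows API, and `restore_no_follow`, the directory layout and the file names are hypothetical.

```python
import os
import tempfile
from pathlib import Path

def restore_no_follow(root, rel_path, data):
    """Hypothetical helper: write data to root/rel_path, never following a link."""
    parts = [p for p in rel_path.split("/") if p]
    if not parts or any(p in (".", "..") for p in parts):
        raise ValueError("unsafe restore path")
    dir_fd = os.open(root, os.O_RDONLY | os.O_DIRECTORY)
    try:
        # Walk each parent relative to the previous handle; O_NOFOLLOW makes
        # the open fail if a component has been swapped for a symlink.
        for name in parts[:-1]:
            nxt = os.open(name, os.O_RDONLY | os.O_DIRECTORY | os.O_NOFOLLOW,
                          dir_fd=dir_fd)
            os.close(dir_fd)
            dir_fd = nxt
        # O_EXCL rejects any pre-existing entry, including a planted link,
        # so the write can only land in a file created by this call.
        flags = os.O_WRONLY | os.O_CREAT | os.O_EXCL | os.O_NOFOLLOW
        fd = os.open(parts[-1], flags, 0o600, dir_fd=dir_fd)
    finally:
        os.close(dir_fd)
    with os.fdopen(fd, "wb") as out:
        out.write(data)

def demo():
    """Constructed scenario; returns (link_blocked, protected_untouched, clean_ok)."""
    with tempfile.TemporaryDirectory() as base:
        user = Path(base, "user", "downloads")
        user.mkdir(parents=True)
        protected = Path(base, "protected.cfg")
        protected.write_bytes(b"original")
        # The quarantined file's original location now holds a link.
        (user / "sample.bin").symlink_to(protected)
        try:
            restore_no_follow(user.parent, "downloads/sample.bin", b"restored")
            blocked = False
        except OSError:
            blocked = True
        untouched = protected.read_bytes() == b"original"
        restore_no_follow(user.parent, "downloads/clean.bin", b"restored")
        clean_ok = (user / "clean.bin").read_bytes() == b"restored"
    return blocked, untouched, clean_ok

if __name__ == "__main__":
    print(demo())
```

The check happens in the same system call as the open, so there is no window between testing the path and writing to it.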