Local Privilege Escalation (CVE-2019-18645)

Affected Products

  • Total Defense Anti-virus 11.5.2.28

Vulnerability Type

Improper Access Control

Impact

Privileged File Write

Summary

The quarantine restoration function in Total Defense Anti-virus is vulnerable to symbolic link attacks, which allow files to be written to privileged directories.

Exploitation

  1. Disable the automatic scanner,
  2. Manually scan the malware and wait until it is quarantined,
  3. Create a symbolic link from the original malware path to the target file,
  4. Restore the malware.
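
The steps above work because the restore writes back to the recorded original path and follows a link found there. The following is an added example, not code from Total Defense or from this advisory: a Python model using POSIX-style symbolic links, with hypothetical functions `naive_restore` and `safe_restore` and a constructed temp-directory scenario, showing a restore that refuses a redirected destination.

```python
import os
import shutil
import tempfile
from pathlib import Path

class RestoreRefused(Exception):
    """Destination is redirected by a link or already exists."""

def naive_restore(quarantined, original_path):
    # Models the flaw: the write follows a link planted at the original path.
    shutil.copyfile(quarantined, original_path)

def safe_restore(quarantined, original_path):
    original_path = os.path.abspath(original_path)
    parent = os.path.dirname(original_path)
    # No directory component of the destination may be a link.
    if os.path.realpath(parent) != parent:
        raise RestoreRefused("parent directory is redirected: " + parent)
    # O_EXCL rejects any existing entry (a link included, even a dangling one);
    # O_NOFOLLOW, where the platform has it, rejects a link as final component.
    flags = os.O_WRONLY | os.O_CREAT | os.O_EXCL | getattr(os, "O_NOFOLLOW", 0)
    try:
        fd = os.open(original_path, flags, 0o600)
    except OSError as exc:
        raise RestoreRefused(f"destination not created: {exc}") from exc
    with os.fdopen(fd, "wb") as dst, open(quarantined, "rb") as src:
        shutil.copyfileobj(src, dst)

def demo():
    """Constructed scenario in a temp dir; returns (refused, intact, overwritten)."""
    base = Path(tempfile.mkdtemp()).resolve()
    vault = base / "quarantine.bin"             # quarantined copy (constructed)
    original = base / "user" / "sample.bin"     # path recorded at quarantine time
    target = base / "protected" / "config.dat"  # stands in for a privileged file
    original.parent.mkdir()
    target.parent.mkdir()
    vault.write_bytes(b"QUARANTINED")
    target.write_bytes(b"TRUSTED")
    os.symlink(target, original)                # link left at the original path
    try:
        safe_restore(vault, original)
        refused = False
    except RestoreRefused:
        refused = True
    intact = target.read_bytes() == b"TRUSTED"
    naive_restore(vault, original)
    overwritten = target.read_bytes() == b"QUARANTINED"
    shutil.rmtree(base)
    return refused, intact, overwritten
```

On Windows the equivalent checks concern reparse points, and the restore should also be performed with the requesting user's privileges rather than the service's.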

Demo

https://github.com/NtRaiseHardError/Antimalware-Research/blob/master/Total%20Defense/Local%20Privilege%20Escalation/v11.5.2.28/Total%20Defense%20file%20write.mp4