In K7 Ultimate Security 16.0.0117, the module K7BKCExt.dll (aka the backup module) improperly validates the administrative privileges of the user, allowing an arbitrary file write via a symbolic link attack with file restoration functionality.
References
Link | Resource |
---|---|
https://github.com/NtRaiseHardError/Antimalware-Research/blob/master/K7%20Security/Local%20Privilege%20Escalation/v16.0.0117/README.md | Exploit Third Party Advisory |
https://support.k7computing.com/index.php?/selfhelp/categories/Vulnerability%20Report%20and%20Advisory/29 | Vendor Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: mitre
Published: 2019-12-27T15:27:13
Updated: 2019-12-27T15:27:13
Reserved: 2019-09-25T00:00:00
Link: CVE-2019-16896
JSON object: View
NVD Information
Status : Analyzed
Published: 2019-12-27T16:15:11.320
Modified: 2020-01-09T17:46:16.813
Link: CVE-2019-16896
JSON object: View
Redhat Information
No data.
CWE