Local Privilege Escalation Vulnerability in K7 Antivirus by K7 Computing
CVE-2019-16897

9.8CRITICAL

Key Information:

Vendor: K7computing
Status: K7 Antivirus Premium; K7 Total Security; K7 Ultimate Security
Vendor: CVE Published:; 28 October 2019

🔔 Create K7computing Vulnerability Alert

What is CVE-2019-16897?

In several versions of K7 Antivirus, K7 Total Security, and K7 Ultimate Security, a local privilege escalation vulnerability exists due to inadequate verification of user administrative privileges in the K7TSHlpr.dll module. This flaw allows attackers to perform arbitrary registry writes via inter-process communication with the K7AVOptn.dll module, potentially compromising the integrity of the system and allowing unauthorized escalated access to sensitive system resources.

References

https://github.com/NtRaiseHardError/Antimalware-Research/...

x_refsource_MISC

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Oct 28, 2019
Vulnerability Reserved
Sep 25, 2019