Vulnerability Description
Code42 app through version 7.0.2 for Windows has an Untrusted Search Path. In certain situations, a non-administrative attacker on the local machine could create or modify a dynamic-link library (DLL). The Code42 service could then load it at runtime, and potentially execute arbitrary code at an elevated privilege on the local machine.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Code42 | Code42 | <= 7.0.2 |
| Microsoft | Windows | - |
Related Weaknesses (CWE)
References
- https://support.code42.com/Terms_and_conditions/Code42_customer_support_resourceVendor Advisory
- https://support.code42.com/Terms_and_conditions/Code42_customer_support_resourceVendor Advisory
- https://support.code42.com/Terms_and_conditions/Code42_customer_support_resourceVendor Advisory
- https://support.code42.com/Terms_and_conditions/Code42_customer_support_resourceVendor Advisory
FAQ
What is CVE-2019-16860?
CVE-2019-16860 is a vulnerability with a CVSS score of 7.3 (HIGH). Code42 app through version 7.0.2 for Windows has an Untrusted Search Path. In certain situations, a non-administrative attacker on the local machine could create or modify a dynamic-link library (DLL)...
How severe is CVE-2019-16860?
CVE-2019-16860 has been rated HIGH with a CVSS base score of 7.3/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2019-16860?
Check the references section above for vendor advisories and patch information. Affected products include: Code42 Code42, Microsoft Windows.