CRITICAL · 9.8

CVE-2019-16897

In K7 Antivirus Premium 16.0.xxx through 16.0.0120; K7 Total Security 16.0.xxx through 16.0.0120; and K7 Ultimate Security 16.0.xxx through 16.0.0120, the module K7TSHlpr.dll improperly validates the ...

Vulnerability Description

In K7 Antivirus Premium 16.0.xxx through 16.0.0120; K7 Total Security 16.0.xxx through 16.0.0120; and K7 Ultimate Security 16.0.xxx through 16.0.0120, the module K7TSHlpr.dll improperly validates the administrative privileges of the user, allowing arbitrary registry writes in the K7AVOptn.dll module to facilitate escalation of privileges via inter-process communication with a service process.

CVSS Score

9.8

CRITICAL

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality: HIGH
Integrity: HIGH
Availability: HIGH

Affected Products

Vendor | Product | Versions
K7Computing | K7 Antivirus Premium | >= 16.0.000, <= 16.0.0120
K7Computing | K7 Total Security | >= 16.0.000, <= 16.0.0120
K7Computing | K7 Ultimate Security | >= 16.0.000, <= 16.0.0120

Related Weaknesses (CWE)

References

FAQ

What is CVE-2019-16897?

CVE-2019-16897 is a vulnerability with a CVSS score of 9.8 (CRITICAL). In K7 Antivirus Premium 16.0.xxx through 16.0.0120; K7 Total Security 16.0.xxx through 16.0.0120; and K7 Ultimate Security 16.0.xxx through 16.0.0120, the module K7TSHlpr.dll improperly validates the ...

How severe is CVE-2019-16897?

CVE-2019-16897 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.

Is there a patch for CVE-2019-16897?

Check the references section above for vendor advisories and patch information. Affected products include: K7Computing K7 Antivirus Premium, K7Computing K7 Total Security, K7Computing K7 Ultimate Security.