CVE-2019-19382 — HIGH (7.8)

Vulnerability Description

Max Secure Anti Virus Plus 19.0.4.020 has Insecure Permissions on the installation directory. Local attackers can replace a .exe or .dll file to achieve privilege escalation.

CVSS Score

7.8

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

HIGH

Availability

HIGH

Affected Products

Vendor	Product	Versions
Maxpcsecure	Anti Virus Plus	19.0.4.020

Related Weaknesses (CWE)

CWE-732

References

http://hyp3rlinx.altervista.orgExploitThird Party Advisory
http://packetstormsecurity.com/files/155506/Max-Secure-Anti-Virus-Plus-19.0.4.02ExploitThird Party AdvisoryVDB Entry
http://hyp3rlinx.altervista.orgExploitThird Party Advisory
http://packetstormsecurity.com/files/155506/Max-Secure-Anti-Virus-Plus-19.0.4.02ExploitThird Party AdvisoryVDB Entry

FAQ

What is CVE-2019-19382?

CVE-2019-19382 is a vulnerability with a CVSS score of 7.8 (HIGH). Max Secure Anti Virus Plus 19.0.4.020 has Insecure Permissions on the installation directory. Local attackers can replace a .exe or .dll file to achieve privilege escalation.

How severe is CVE-2019-19382?

CVE-2019-19382 has been rated HIGH with a CVSS base score of 7.8/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2019-19382?

Check the references section above for vendor advisories and patch information. Affected products include: Maxpcsecure Anti Virus Plus.