CVE-2017-12653

HIGH

360totalsecurity 360 Total Security - Uncontrolled Search Path

Title source: rule

Description

360 Total Security 9.0.0.1202 before 2017-07-07 allows Privilege Escalation via a Trojan horse Shcore.dll file in any directory in the PATH, as demonstrated by the C:\Python27 directory.

Exploits (1)

exploitdb WRITEUP

by SecuriTeam · remotewindows

https://www.exploit-db.com/exploits/44069

View Code ZIP pw:eip

References (1)

Core 1

Core References

Third Party Advisory x_refsource_misc

https://blogs.securiteam.com/index.php/archives/3314#more-3314

Scores

CVSS v3 7.8

EPSS 0.0224

EPSS Percentile 84.6%

Attack Vector LOCAL

CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Details

CWE

CWE-427

Status published

Products (1)

360totalsecurity/360_total_security < 9.0.0.1202

Published Aug 07, 2017

Tracked Since Feb 18, 2026