CVE-2018-7535

HIGH

TotalAV 4.1.7-4.6.19 - Unauthenticated Arbitrary File Write via Weak Directory Permissions

Title source: llm
STIX 2.1

Description

An issue was discovered in TotalAV v4.1.7. An unprivileged user could modify or overwrite all of the product's files because of weak permissions (Everyone:F) under %PROGRAMFILES%, which allows local users to gain privileges or obtain maximum control over the product.

References (1)

Core 1
Core References
Mailing List, Third Party Advisory mailing-list x_refsource_fulldisc
http://seclists.org/fulldisclosure/2018/Jul/54

Scores

CVSS v3 7.8
EPSS 0.0028
EPSS Percentile 19.9%
Attack Vector LOCAL
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Details

CWE
CWE-276
Status published
Products (1)
totalav/totalav 4.1.7 - 4.6.19
Published Jul 13, 2018
Tracked Since Feb 18, 2026