CVE-2019-11644

HIGH

F-Secure <17.6 - Privilege Escalation

Title source: llm

Description

In the F-Secure installer in F-Secure SAFE for Windows before 17.6, F-Secure Internet Security before 17.6, F-Secure Anti-Virus before 17.6, F-Secure Client Security Standard and Premium before 14.10, F-Secure PSB Workstation Security before 12.01, and F-Secure Computer Protection Standard and Premium before 19.3, a local user can escalate their privileges through a DLL hijacking attack against the installer. The installer writes the file rm.exe to C:\Windows\Temp and then executes it. The rm.exe process then attempts to load several DLLs from its current directory. Non-admin users are able to write to this folder, so an attacker can create a malicious C:\Windows\Temp\OLEACC.dll file. When an admin runs the installer, rm.exe will execute the attacker's DLL in an elevated security context.

References (1)

[Vendor Advisory] https://www.f-secure.com/en/web/labs_global/fsc-2019-2

Scores

CVSS v3 7.8

EPSS 0.0040

EPSS Percentile 60.2%

Attack Vector LOCAL

CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Classification

CWE

CWE-427

Status published

Affected Products (7)

f-secure/client_security < 14.10

f-secure/computer_protection < 19.3

f-secure/internet_security < 17.6

f-secure/psb_workstation_security < 12.01

f-secure/safe < 17.6

Timeline

Published May 17, 2019

Tracked Since Feb 18, 2026