CVE-2019-16897

CRITICAL

K7 Antivirus Premium <16.0.0120 - Privilege Escalation

Title source: llm

Description

In K7 Antivirus Premium 16.0.xxx through 16.0.0120; K7 Total Security 16.0.xxx through 16.0.0120; and K7 Ultimate Security 16.0.xxx through 16.0.0120, the module K7TSHlpr.dll improperly validates the administrative privileges of the user, allowing arbitrary registry writes in the K7AVOptn.dll module to facilitate escalation of privileges via inter-process communication with a service process.

References (1)

Core 1

Core References

Exploit, Third Party Advisory x_refsource_misc

https://github.com/NtRaiseHardError/Antimalware-Research/blob/master/K7%20Security/Local%20Privilege%20Escalation/v16.0.0120/README.md

View Exploit ZIP pw:eip

Scores

CVSS v3 9.8

EPSS 0.0162

EPSS Percentile 73.0%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CWE

CWE-269

Status published

Products (3)

k7computing/k7_antivirus_premium 16.0.000 - 16.0.0120

k7computing/k7_total_security 16.0.000 - 16.0.0120

k7computing/k7_ultimate_security 16.0.000 - 16.0.0120

Published Oct 28, 2019

Tracked Since Feb 18, 2026