CVE-2019-18194
HIGHTotalAV 2020 4.14.31 - Privilege Escalation via Quarantine NTFS Directory Junction
Title source: llmExploitation Summary
EIP tracks 1 public exploit for CVE-2019-18194. PoCs published by Kusol Watchara-Apanukorn.
AI-analyzed exploit summary This is a writeup describing a privilege escalation vulnerability in TotalAV 2020 4.14.31 due to a quarantine flaw exploitable via NTFS directory junction. The PoC involves planting a malicious DLL, triggering its quarantine, and restoring it via a junction to escalate privileges.
Description
TotalAV 2020 4.14.31 has a quarantine flaw that allows privilege escalation. Exploitation uses an NTFS directory junction to restore a malicious DLL from quarantine into the system32 folder.
Exploits (1)
This is a writeup describing a privilege escalation vulnerability in TotalAV 2020 4.14.31 due to a quarantine flaw exploitable via NTFS directory junction. The PoC involves planting a malicious DLL, triggering its quarantine, and restoring it via a junction to escalate privileges.
References (2)
Scores
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H