CVE-2019-18670
HIGHAcer Quick Access <2.01.3027-3.00.3008 - DLL Hijacking
Title source: llmDescription
In the Quick Access Service (QAAdminAgent.exe) in Acer Quick Access V2.01.3000 through 2.01.3027 and V3.00.3000 through V3.00.3008, a REGULAR user can load an arbitrary unsigned DLL into the signed service's process, which is running as NT AUTHORITY\SYSTEM. This is a DLL Hijacking vulnerability (including search order hijacking, which searches for the missing DLL in the PATH environment variable), which is caused by an uncontrolled search path element for nvapi.dll, atiadlxx.dll, or atiadlxy.dll.
References (2)
Core 2
Core References
Exploit, Third Party Advisory x_refsource_misc
https://drive.google.com/open?id=1r0cr-H_FMc8V4hwlqF1MAEhSSnztm5sp
Patch, Vendor Advisory x_refsource_confirm
https://us.answers.acer.com/app/answers/detail/a_id/64586
Scores
CVSS v3
7.8
EPSS
0.0079
EPSS Percentile
51.5%
Attack Vector
LOCAL
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Details
CWE
CWE-427
Status
published
Products (1)
acer/quick_access
2.01.3000 - 2.01.3027
Published
Dec 17, 2019
Tracked Since
Feb 18, 2026