CVE-2019-19235

HIGH

ASUS ATK Package <V1.0.0061 - RCE

Title source: llm

Description

AsLdrSrv.exe in ASUS ATK Package before V1.0.0061 (for Windows 10 notebook PCs) could lead to unsigned code execution with no additional execution. The user must put an application at a particular path, with a particular file name.

References (3)

[Third Party Advisory] https://safebreach.com/blog

[Vendor Advisory] https://www.asus.com/Static_WebPage/ASUS-Product-Security-Advisory/

[Vendor Advisory] https://www.asus.com/support/faq/1041545

Scores

CVSS v3 7.0

EPSS 0.0020

EPSS Percentile 42.3%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

Classification

CWE

CWE-427

Status published

Affected Products (1)

asus/atk_package < 1.0.0061

Timeline

Published Dec 18, 2019

Tracked Since Feb 18, 2026