Search criteria
3 vulnerabilities by pcprotect
CVE-2022-36670 (GCVE-0-2022-36670)
Vulnerability from cvelistv5 – Published: 2022-09-06 18:08 – Updated: 2024-08-03 10:07
VLAI
Summary
PCProtect Endpoint prior to v5.17.470 for Microsoft Windows lacks tamper protection, allowing authenticated attackers with Administrator privileges to modify processes within the application and escalate privileges to SYSTEM via a crafted executable.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://mrvar0x.com/2022/07/21/pcprotect-endpoint… | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T10:07:34.542Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://mrvar0x.com/2022/07/21/pcprotect-endpoint-tampering-exploit/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "PCProtect Endpoint prior to v5.17.470 for Microsoft Windows lacks tamper protection, allowing authenticated attackers with Administrator privileges to modify processes within the application and escalate privileges to SYSTEM via a crafted executable."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-09-06T18:08:43.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://mrvar0x.com/2022/07/21/pcprotect-endpoint-tampering-exploit/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2022-36670",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "PCProtect Endpoint prior to v5.17.470 for Microsoft Windows lacks tamper protection, allowing authenticated attackers with Administrator privileges to modify processes within the application and escalate privileges to SYSTEM via a crafted executable."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://mrvar0x.com/2022/07/21/pcprotect-endpoint-tampering-exploit/",
"refsource": "MISC",
"url": "https://mrvar0x.com/2022/07/21/pcprotect-endpoint-tampering-exploit/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2022-36670",
"datePublished": "2022-09-06T18:08:43.000Z",
"dateReserved": "2022-07-25T00:00:00.000Z",
"dateUpdated": "2024-08-03T10:07:34.542Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-16913 (GCVE-0-2019-16913)
Vulnerability from cvelistv5 – Published: 2019-10-07 21:47 – Updated: 2024-08-05 01:24
VLAI
Summary
PC Protect Antivirus v4.14.31 installs by default to %PROGRAMFILES(X86)%\PCProtect with very weak folder permissions, granting any user full permission "Everyone: (F)" to the contents of the directory and its subfolders. In addition, the program installs a service called SecurityService that runs as LocalSystem. This allows any user to escalate privileges to "NT AUTHORITY\SYSTEM" by substituting the service's binary with a Trojan horse.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://flipflopsecurity.wordpress.com/2019/10/07… | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T01:24:48.531Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://flipflopsecurity.wordpress.com/2019/10/07/pc-protect-v4-14-31-privilege-esclation/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "PC Protect Antivirus v4.14.31 installs by default to %PROGRAMFILES(X86)%\\PCProtect with very weak folder permissions, granting any user full permission \"Everyone: (F)\" to the contents of the directory and its subfolders. In addition, the program installs a service called SecurityService that runs as LocalSystem. This allows any user to escalate privileges to \"NT AUTHORITY\\SYSTEM\" by substituting the service\u0027s binary with a Trojan horse."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-10-07T21:47:19.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://flipflopsecurity.wordpress.com/2019/10/07/pc-protect-v4-14-31-privilege-esclation/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-16913",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "PC Protect Antivirus v4.14.31 installs by default to %PROGRAMFILES(X86)%\\PCProtect with very weak folder permissions, granting any user full permission \"Everyone: (F)\" to the contents of the directory and its subfolders. In addition, the program installs a service called SecurityService that runs as LocalSystem. This allows any user to escalate privileges to \"NT AUTHORITY\\SYSTEM\" by substituting the service\u0027s binary with a Trojan horse."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://flipflopsecurity.wordpress.com/2019/10/07/pc-protect-v4-14-31-privilege-esclation/",
"refsource": "MISC",
"url": "https://flipflopsecurity.wordpress.com/2019/10/07/pc-protect-v4-14-31-privilege-esclation/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2019-16913",
"datePublished": "2019-10-07T21:47:19.000Z",
"dateReserved": "2019-09-26T00:00:00.000Z",
"dateUpdated": "2024-08-05T01:24:48.531Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-17776 (GCVE-0-2018-17776)
Vulnerability from cvelistv5 – Published: 2018-09-28 21:00 – Updated: 2024-08-05 10:54
VLAI
Summary
PCProtect Anti-Virus v4.8.35 has "Everyone: (F)" permission for %PROGRAMFILES(X86)%\PCProtect, which allows local users to gain privileges by replacing an executable file with a Trojan horse.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://packetstormsecurity.com/files/149581/PCPr… | x_refsource_MISC |
| https://www.exploit-db.com/exploits/45503/ | exploitx_refsource_EXPLOIT-DB |
Date Public
2018-09-28 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T10:54:10.618Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://packetstormsecurity.com/files/149581/PCProtect-4-8.35-Privilege-Escalation.html"
},
{
"name": "45503",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/45503/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2018-09-28T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "PCProtect Anti-Virus v4.8.35 has \"Everyone: (F)\" permission for %PROGRAMFILES(X86)%\\PCProtect, which allows local users to gain privileges by replacing an executable file with a Trojan horse."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-08T16:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://packetstormsecurity.com/files/149581/PCProtect-4-8.35-Privilege-Escalation.html"
},
{
"name": "45503",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "https://www.exploit-db.com/exploits/45503/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-17776",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "PCProtect Anti-Virus v4.8.35 has \"Everyone: (F)\" permission for %PROGRAMFILES(X86)%\\PCProtect, which allows local users to gain privileges by replacing an executable file with a Trojan horse."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://packetstormsecurity.com/files/149581/PCProtect-4-8.35-Privilege-Escalation.html",
"refsource": "MISC",
"url": "https://packetstormsecurity.com/files/149581/PCProtect-4-8.35-Privilege-Escalation.html"
},
{
"name": "45503",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/45503/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2018-17776",
"datePublished": "2018-09-28T21:00:00.000Z",
"dateReserved": "2018-09-28T00:00:00.000Z",
"dateUpdated": "2024-08-05T10:54:10.618Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}