Main Vulnerability Database Vulnerabilities #VU34937

#VU34937 Link following in K7 Ultimate Security - CVE-2019-16896

Published: December 27, 2019 / Updated: August 8, 2020

Vulnerability identifier: #VU34937

Vulnerability risk: Low

CVSSv4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear

CVE-ID: CVE-2019-16896

CWE-ID: CWE-59

Exploitation vector: Local access

Exploit availability: No public exploit available

Vulnerable software:
K7 Ultimate Security

Software vendor:
K7 Computing Pvt Ltd.

Description

The vulnerability allows a local authenticated user to execute arbitrary code.

In K7 Ultimate Security 16.0.0117, the module K7BKCExt.dll (aka the backup module) improperly validates the administrative privileges of the user, allowing an arbitrary file write via a symbolic link attack with file restoration functionality.

Remediation

Install update from vendor's website.

External links

https://github.com/NtRaiseHardError/Antimalware-Research/blob/master/K7%20Security/Local%20Privilege%20Escalation/v16.0.0117/README.md
https://support.k7computing.com/index.php?/selfhelp/categories/Vulnerability%20Report%20and%20Advisory/29

#VU34937 Link following in K7 Ultimate Security - CVE-2019-16896

Description

Remediation

External links

Please verify you're human