virus logo FortiClient Vulnerability

Privilege Escalation for F-Secure Client Security

description-logoDescription

F-Secure Client Security Standard and Premium before 14.10 a local user can escalate their privileges through a DLL hijacking attack against the installer. The installer writes the file rm.exe to C:\\Windows\\Temp and then executes it. The rm.exe process then attempts to load several DLLs from its current directory. Non-admin users are able to write to this folder, so an attacker can create a malicious C:\\Windows\\Temp\\OLEACC.dll file. When an admin runs the installer, rm.exe will execute the attacker\'s DLL in an elevated security context.

affected-products-logoAffected Applications

F-Secure Client Security

CVE References

CVE-2019-11644

Other References

https://www.f-secure.com/en/business/support-and-downloads/security-advisories
ID 2358
Created Sep 01, 2021
Description
Updated		 Feb 16, 2022
Risk black-background-circle-icon black-background-circle-icon black-background-circle-icon black-background-circle-icon lightgray-background-circle-icon
Coverage FortiClient
OS Windows
Vendor F-Secure
Patch manual
Application F-Secure Client Security