Threat Encyclopedia

DLL Hijacking Vulnerability for F-Secure Computer Protection

Description

In the F-Secure Computer Protection Standard and Premium before 19.3, a local user can escalate their privileges through a DLL hijacking attack against the installer. The installer writes the file rm.exe to C:\Windows\Temp and then executes it. The rm.exe process then attempts to load several DLLs from its current directory. Non-admin users are able to write to this folder, so an attacker can create a malicious C:\Windows\Temp\OLEACC.dll file. When an admin runs the installer, rm.exe will execute the attacker's DLL in an elevated security context.
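
The PowerShell check below is an added example, not code from F-Secure or from the original page. It lists DLLs in C:\Windows\Temp whose names match a DLL in System32 (as OLEACC.dll does) and flags those not owned by a privileged account or lacking a valid signature. The function name Find-ShadowingDll and the trusted-owner list are assumptions.

```powershell
# Added example (not vendor code): flag DLLs in a user-writable directory
# whose names shadow a system DLL, as OLEACC.dll in C:\Windows\Temp would.
function Find-ShadowingDll {
    param(
        [string]$Path = 'C:\Windows\Temp',               # directory named in the advisory
        [string]$SystemDir = "$env:SystemRoot\System32"  # where the genuine DLLs live
    )

    # Owners expected on files written by the OS or by an elevated installer.
    # Assumption: adjust for localized or domain-specific account names.
    $trustedOwners = @(
        'NT AUTHORITY\SYSTEM',
        'BUILTIN\Administrators',
        'NT SERVICE\TrustedInstaller'
    )

    Get-ChildItem -LiteralPath $Path -Filter '*.dll' -File -ErrorAction SilentlyContinue |
        ForEach-Object {
            # A same-named file in System32 means a process that searches its
            # current directory first would load this copy instead.
            $shadowsSystem = Test-Path -LiteralPath (Join-Path $SystemDir $_.Name)
            $owner = (Get-Acl -LiteralPath $_.FullName).Owner
            $sigStatus = (Get-AuthenticodeSignature -FilePath $_.FullName).Status

            $untrusted = ($trustedOwners -notcontains $owner) -or ($sigStatus -ne 'Valid')

            [pscustomobject]@{
                File          = $_.FullName
                Owner         = $owner
                Signature     = $sigStatus
                ShadowsSystem = $shadowsSystem
                Suspicious    = ($shadowsSystem -and $untrusted)
            }
        }
}

# Run from an elevated prompt so every file's ACL can be read.
Find-ShadowingDll | Where-Object { $_.Suspicious } | Format-Table -AutoSize
```

Run it before launching an affected installer on a shared machine; any row it returns is a file a non-admin user could have placed for rm.exe to load.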

Affected Products

F-Secure Computer Protection

CVE References

CVE-2019-11644