CVE-2019-11644

CWE-4273 documents3 sources

Severity

7.8HIGH

EPSS

0.4%

top 39.41%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

F-secure Client Security F-secure Computer Protection F-secure Internet Security +2 more

Timeline

PublishedMay 17

Latest updateMay 24

Description

In the F-Secure installer in F-Secure SAFE for Windows before 17.6, F-Secure Internet Security before 17.6, F-Secure Anti-Virus before 17.6, F-Secure Client Security Standard and Premium before 14.10, F-Secure PSB Workstation Security before 12.01, and F-Secure Computer Protection Standard and Premium before 19.3, a local user can escalate their privileges through a DLL hijacking attack against the installer. The installer writes the file rm.exe to C:\Windows\Temp and then executes it. The rm.ex…

CVSS vector

CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages5 packages

▶NVDf-secure/client_security< 14.10

▶NVDf-secure/internet_security< 17.6

▶NVDf-secure/psb_workstation_security< 12.01

▶NVDf-secure/computer_protection< 19.3

▶NVDf-secure/safe< 17.6

🔴Vulnerability Details

GHSA

GHSA-chc5-6p8h-wc5r: In the F-Secure installer in F-Secure SAFE for Windows before 17↗2022-05-24

▶

CVEList

CVE-2019-11644: In the F-Secure installer in F-Secure SAFE for Windows before 17↗2019-05-17

▶