360 Total Security 12.1.0.1004 Untrusted Search Path Vulnerability

Summary

In the version 12.1.0.1004 and below of 360 Total Security, when the main process of 360 Total Security calls GameChrome.exe, there exists a local privilege escalation vulnerability. 

Credit:

The information has been provided by Vendor

The original article can be found at:https://security.360.cn/News/news/id/232


Details

An attacker who could exploit DLL hijacking to bypass the hips could execute arbitrary code on the Local system.

 

Vulnerable Systems:

360 Total Security 12.1.0.1004 

 

CVE Information:

CVE-2020-15723

 

Disclosure Timeline:
Published Date:7/21/2020

Categories: FeaturedNews