360 Total Security version 12.1.0.1005 Untrusted Search Path Vulnerability

Summary

In the version 12.1.0.1005 and below of 360 Total Security, when the Gamefolde calls GameChrome.exe, there exists a local privilege escalation vulnerability.

Credit:

The information has been provided by Vendor

The original article can be found at:https://security.360.cn/News/news/id/232


Details

An attacker who could exploit DLL hijacking to bypass the hips could execute arbitrary code on the Local system.

 

Vulnerable Systems:

360 Total Security version 12.1.0.1005

 

CVE Information:

CVE-2020-15724

 

Disclosure Timeline:
Published Date:7/21/2020

Categories: FeaturedNews