vendor:
Total Security
by:
An independent security researcher
7,8
CVSS
HIGH
Privileged Escalation
269
CWE
Product Name: Total Security
Affected Version From: 360 Total Security
Affected Version To: 360 Total Security
Patch Exists: YES
Related CWE: CVE-2017-12653
CPE: a:360:total_security
Metasploit:
N/A
Other Scripts:
N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References:
N/A
Nuclei Metadata: N/A
Platforms Tested: Windows 7, Windows XP
2017
Privileged Escalation Vulnerability in 360 Total Security
When 360 Total security is load on Windows machine the binaries try to load a DLL (Shcore.dll) in order to display correctly in High DPI displays. 360 Total security install Shcore.dll on Windows 8.1 and above, but not in previous versions (for example – Windows 7 and XP). For this reason, the administration components of 360 Total Security try to find and load this DLL in Windows 7 too, where it does not exist. Placing a DLL named Shcore.dll in a directory listed in the PATH system variable will load this in the memory space of 360 software. Loading the DLL inside a 360 administration process gives us privileges of administrator.
Mitigation:
The vendor has released patches to address this vulnerability.
