Jump to content
  • Hello visitors, welcome to the Hacker World Forum!

    Red Team 1949  (formerly CHT Attack and Defense Team) In this rapidly changing Internet era, we maintain our original intention and create the best community to jointly exchange network technologies. You can obtain hacker attack and defense skills and knowledge in the forum, or you can join our Telegram communication group to discuss and communicate in real time. All kinds of advertisements are prohibited in the forum. Please register as a registered user to check our usage and privacy policy. Thank you for your cooperation.

    TheHackerWorld Official

TotalAV 2020 4.14.31 - Privilege Escalation

 Share


HACK1949

Recommended Posts

# Exploit Title: TotalAV 2020 4.14.31 - Privilege Escalation
# Date: 2020-01-09
# Exploit Author: Kusol Watchara-Apanukorn
# Vendor Homepage: https://www.totalav.com/
# Version: 4.14.31
# Fixed on:  5.3.35
# Tested on: Windows 10 x64
# CVE : CVE-2019-18194

# Vulnerability Description:
# TotalAV 2020 4.14.31 has quarantine flaw that allows attacker escape of
# privilege by using NTFS directory junction.

**You can download vulnerability version with this link:
https://install.protected.net/windows/cdn3/4.14.31/TotalAV_Setup.exe

///////////////////////////////////
   Proof of Concept
//////////////////////////////////
1. Plant the malicious file in this case we use DLL file
2. To exploit the vulnerability antivirus must detect the malicious dll
3. Move it to quarantine.
4. Attacker must create NTFS directory junction to restore

Full step: https://www.youtube.com/watch?v=88qeaLq98Gc


Vulnerability Disclosure Timeline:
==================================
17 Oct, 19 : Found Vulnerability
18 Oct, 19 : Vendor Notification
18 Oct, 19 : Request CVE
21 Oct, 19 : Vendor Response
mid Dec, 19  : Vendor released new patched (v5.3.35)
09 Jan, 20: Vulnerability Disclosure
            
Link to post
Link to comment
Share on other sites

 Share

discussion group

discussion group

    You don't have permission to chat.
    • Recently Browsing   0 members

      • No registered users viewing this page.
    ×
    ×
    • Create New...