CVE-2019-16913 : Security Advisory and Response

Learn about CVE-2019-16913 affecting PC Protect Antivirus v4.14.31. Weak folder permissions and a service running under LocalSystem allow any user to escalate privileges, posing a significant security risk.

PC Protect Antivirus v4.14.31 has a vulnerability that allows any user to escalate privileges by exploiting weak folder permissions and a service running under LocalSystem.

Understanding CVE-2019-16913

This CVE involves a privilege escalation vulnerability in PC Protect Antivirus v4.14.31 due to weak folder permissions and a service configuration.

What is CVE-2019-16913?

The default installation location for PC Protect Antivirus v4.14.31 has weak folder permissions, granting full access to all users, and a service running under LocalSystem, enabling privilege escalation.

The Impact of CVE-2019-16913

The vulnerability allows any user to substitute the service's binary with a Trojan horse, potentially elevating their privileges to "NT AUTHORITY\SYSTEM."

Technical Details of CVE-2019-16913

This section provides detailed technical information about the vulnerability.

Vulnerability Description

PC Protect Antivirus v4.14.31 installs to a directory with weak permissions, allowing full access to all users. The SecurityService runs under LocalSystem, creating a privilege escalation risk.

Affected Systems and Versions

        Product: PC Protect Antivirus v4.14.31
        Vendor: N/A
        Version: N/A

Exploitation Mechanism

        Weak folder permissions grant full access to all users
        Service running as LocalSystem allows binary substitution for privilege escalation

Mitigation and Prevention

To address CVE-2019-16913, follow these mitigation steps:

Immediate Steps to Take

        Restrict folder permissions to authorized users only
        Monitor and restrict access to the SecurityService binary
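
One way to check a host for the condition described above, as an added example (not code from the advisory or the vendor). It reads the binary path from the service's own configuration instead of assuming an install directory; `SecurityService` is the service name given in this advisory, and the set of broad groups tested is an assumption of the example.

```powershell
# Added example: audit one Windows service for the weak-ACL + LocalSystem pattern.
param([string]$ServiceName = 'SecurityService')  # service name as given in the advisory

# Well-known SIDs of broad groups (SIDs, not names, so localized Windows works).
$BroadSids = @{
    'S-1-1-0'      = 'Everyone'
    'S-1-5-11'     = 'Authenticated Users'
    'S-1-5-32-545' = 'BUILTIN\Users'
}

# Rights that allow replacing or tampering with a file, plus GENERIC_WRITE and
# GENERIC_ALL, which Get-Acl reports as raw bits on some inherited ACEs.
$writeBits = [System.Security.AccessControl.FileSystemRights]'WriteData, AppendData, Delete, DeleteSubdirectoriesAndFiles, ChangePermissions, TakeOwnership'
$mask = [int]$writeBits -bor 0x40000000 -bor 0x10000000

$svc = Get-CimInstance -ClassName Win32_Service -Filter "Name='$ServiceName'"
if (-not $svc) { Write-Warning "Service '$ServiceName' not found."; return }

# PathName may be quoted and may carry arguments; keep only the executable path.
if ($svc.PathName -match '^\s*"([^"]+)"') { $exe = $Matches[1] }
elseif ($svc.PathName -match '^\s*(.+?\.exe)') { $exe = $Matches[1] }
else { $exe = $svc.PathName }

$runsAsSystem = $svc.StartName -match '^(LocalSystem|NT AUTHORITY\\SYSTEM)$'

# Check both the binary and the folder that contains it.
$findings = foreach ($path in @($exe, (Split-Path -Path $exe -Parent))) {
    foreach ($ace in (Get-Acl -LiteralPath $path).Access) {
        if ($ace.AccessControlType -ne 'Allow') { continue }
        try {
            $sid = $ace.IdentityReference.Translate([System.Security.Principal.SecurityIdentifier]).Value
        } catch { continue }   # account cannot be resolved to a SID: skip it
        if ($BroadSids.ContainsKey($sid) -and (([int]$ace.FileSystemRights -band $mask) -ne 0)) {
            [pscustomobject]@{
                Path = $path; Principal = $BroadSids[$sid]
                Rights = $ace.FileSystemRights; Inherited = $ace.IsInherited
            }
        }
    }
}

"{0}: account={1}, binary={2}" -f $svc.Name, $svc.StartName, $exe
if ($findings) {
    $findings | Format-Table -AutoSize
    if ($runsAsSystem) { Write-Warning 'Broad write access on a LocalSystem service path: the condition described in CVE-2019-16913.' }
} else {
    'No write-capable ACEs for Everyone, Authenticated Users or BUILTIN\Users.'
}
```

An `Inherited` value of `True` in the output means the entry comes from a parent folder, so the permission has to be corrected there or inheritance on the install folder has to be broken.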

Long-Term Security Practices

        Regularly review and update folder permissions
        Implement least privilege access controls

Patching and Updates

        Apply patches or updates provided by the vendor to address the vulnerability
