cve-2019-3648 vulnerabilities and exploits

7.2
CVSSv2
CVE-2019-3648

A Privilege Escalation vulnerability in the Microsoft Windows client in McAfee Total Protection 16.0.R22 and earlier allows administrators to execute arbitrary code via carefully placing malicious files in specific locations protected by administrator permission....

6.8
CVSSv2
CVE-2019-8461

Check Point Endpoint Security Initial Client for Windows before version E81.30 tries to load a DLL placed in any PATH location on a clean image without Endpoint Client installed. An attacker can leverage this to gain LPE using a specially crafted DLL placed in any PATH location...

CheckpointEndpoint Security
4.4
CVSSv2
CVE-2019-17093

Avast Antivirus / AVG Antivirus - DLL Preloading into PPL and Potential Abuses...

AvastAntivirusAvgAnti-virus
9.3
CVSSv2
CVE-2019-15295

An Untrusted Search Path vulnerability in the ServiceInstance.dll library versions 1.0.15.119 and lower, as used in Bitdefender Antivirus Free 2020 versions prior to 1.0.15.138, allows an attacker to load an arbitrary DLL file from the search path....

4.6
CVSSv2
CVE-2019-17449

** DISPUTED ** Avira Software Updater before 2.0.6.21094 allows a DLL side-loading attack. NOTE: The vendor thinks that this vulnerability is invalid because exploiting it would require at least administrator privileges and would gain only SYSTEM privileges....

AviraSoftware Updater
9.3
CVSSv2
CVE-2019-14684

A DLL hijacking vulnerability exists in Trend Micro Password Manager 5.0 in which, if exploited, would allow an attacker to load an arbitrary unsigned DLL into the signed service's process. This process is very similar, yet not identical to CVE-2019-14687....

TrendmicroPassword Manager
7.2
CVSSv2
CVE-2019-12758

Symantec Endpoint Protection, prior to 14.2 RU2, may be susceptible to an unsigned code execution vulnerability, which may allow an individual to execute code without a resident proper digital signature....

SymantecEndpoint Protection