Anti Virus Plus
CVE-2019-19382
HIGH
Severity by source
AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Lifecycle Timeline
1DescriptionNVD
Max Secure Anti Virus Plus 19.0.4.020 has Insecure Permissions on the installation directory. Local attackers can replace a .exe or .dll file to achieve privilege escalation.
AnalysisAI
Max Secure Anti Virus Plus 19.0.4.020 has Insecure Permissions on the installation directory. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.
Technical ContextAI
This vulnerability is classified as Incorrect Permission Assignment (CWE-732), which allows attackers to access resources due to misconfigured permissions. Max Secure Anti Virus Plus 19.0.4.020 has Insecure Permissions on the installation directory. Local attackers can replace a .exe or .dll file to achieve privilege escalation. Affected products include: Maxpcsecure Anti Virus Plus.
RemediationAI
No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Review and restrict file/resource permissions, apply principle of least privilege.
More in Anti Virus Plus
View allK7Sentry.sys in K7 Computing Ultimate Security, Anti-Virus Plus, and Total Security before 14.2.0.253 allows local users
A vulnerability was found in Max Secure Anti Virus Plus 19.0.2.1. Rated medium severity (CVSS 5.5), this vulnerability i
A vulnerability was found in Max Secure Anti Virus Plus 19.0.2.1. Rated medium severity (CVSS 5.5), this vulnerability i
A vulnerability was found in Max Secure Anti Virus Plus 19.0.2.1. Rated medium severity (CVSS 5.5), this vulnerability i
A vulnerability was found in Max Secure Anti Virus Plus 19.0.2.1 and classified as critical. Rated medium severity (CVSS
A Privilege Escalation vulnerability in the Microsoft Windows client in McAfee Total Protection 16.0.R22 and earlier all
Same technique Privilege Escalation
View allShare
External POC / Exploit Code
Leaving vuln.today