New Search

Vulnerability in Kaspersky products (CVE-2019-15689)

oval:org.cisecurity:def:7925

Kaspersky Secure Connection Kaspersky Internet Security Kaspersky Total Security Kaspersky Security Cloud prior to version 2020 patch E have bug that allows a local user to execute arbitrary code via execution compromised file placed by an attacker with administrator rights. No privilege escalation. Possible whitelisting bypass some of the security products.

Family:
windows
Status:
ACCEPTED
Platform(s):
  • Microsoft Windows 8.1
  • Microsoft Windows 7
  • Microsoft Windows 8
  • Microsoft Windows Vista
  • Microsoft Windows Server 2016
  • Microsoft Windows 10
  • Microsoft Windows XP
Class:
vulnerability
Reference(s):
  • CVE-2019-15689
  • 021219
Product(s):
  • Kaspersky Internet Security
  • Kaspersky Security Cloud
  • Kaspersky Total Security
  • Kaspersky Secure Connection