Code injection

2019-06-2017:15:00

PRIOn knowledge base

www.prio-n.com

5.3 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

34.6%

JSON

Check Point Endpoint Security Client for Windows, with Anti-Malware blade installed, before version E81.00, tries to load a non-existent DLL during an update initiated by the UI. An attacker with administrator privileges can leverage this to gain code execution within a Check Point Software Technologies signed binary, where under certain circumstances may cause the client to terminate.

CPENameOperatorVersion
capsule_docseq< e81.0
endpoint_security_clientseq< e81.0
remote_access_clientseq< e81.0

Name	Operator	Version
capsule_docs	eq	< e81.0
endpoint_security_clients	eq	< e81.0
remote_access_clients	eq	< e81.0

References

supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solutionid=sk153053