□ Overview
o ESTSOFT released security update to address privilege escalation vulnerability in ALTOOLS Update service.
Vulnerability Type
|
Impact
|
Severity
|
CVE ID
|
Permissions, Privileges, and Access Controls |
privilege escalation |
High
|
CVE-2019-12808
|
□ Description
o ALTOOLS update service contains a local privilege escalation vulnerability due to insecure permission. An attacker can overwrite an executable that is launched as a service to exploit this vulnerability and execute arbitrary code with system privileges.
□ Affected Product
Product
|
Version
|
PlatForm
|
ALTOOLS Update service |
18.1 and prior
|
Windows
|
□ Solution
o Update software over ALTOOLS Update service 19.1 version
□ Reference site
https://www.altools.co.kr/Download/
□ Acknowledgements
o Thanks to Gyuho Lee for reporting this vulerability |