본문내용 바로가기 메인메뉴 바로가기 푸터 바로가기

Security Advisory
CVE-2019-12808 | ALTOOLS Update Service Local Privilege Escalation Vulnerability2019.08.13
□ Overview

 o ESTSOFT released security update to address privilege escalation vulnerability in ALTOOLS Update service.

Vulnerability Type

Impact

Severity

CVE ID
Permissions, Privileges, and Access Controls privilege escalation

High

CVE-2019-12808

 

□ Description

 o ALTOOLS update service contains a local privilege escalation vulnerability due to insecure permission. An attacker can overwrite an executable that is launched as a service to exploit this vulnerability and execute arbitrary code with system privileges.
 

□ Affected Product

Product

Version

PlatForm
ALTOOLS Update service

18.1 and prior

Windows

 

□ Solution

 o Update software over ALTOOLS Update service 19.1 version

 

□ Reference site

https://www.altools.co.kr/Download/

 

□ Acknowledgements

 o Thanks to Gyuho Lee for reporting this vulerability