CVE-2019-8461

Summary

Check Point Endpoint Security Initial Client for Windows before version E81.30 tries to load a DLL placed in any PATH location on a clean image without Endpoint Client installed. An attacker can leverage this to gain LPE using a specially crafted DLL placed in any PATH location accessible with write permissions to the user.

Affected Software

VendorProductVersion RangeStatus
n/aCheck Point Endpoint Security Initial Client for Windowsbefore version E81.30affected

Weaknesses

  • CWE-114: CWE-114: Process Control

ADP Enrichment

CVE Program Container

Additional References

References