Privileged File Delete (CVE-2019-18644)

Affected Products

Total Defense Anti-virus 11.5.2.28

Vulnerability Type

Improper Access Control

Impact

Privileged File Delete

Summary

The malware scan function in Total Defense Anti-virus is vulnerable to a TOCTOU bug and symbolic link attacks allowing privileged files to be deleted.

Exploitation

Disable automatic scanner,
Manually scan malware,
Delete the malware while scan is in progress,
Create a symbolic link from the original malware path to a target file.

Demo

https://github.com/NtRaiseHardError/Antimalware-Research/blob/master/Total%20Defense/Privileged%20File%20Delete/v11.5.2.28/Total%20Defense%20file%20delete.mp4

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

README.md

README.md

Privileged File Delete (CVE-2019-18644)

Affected Products

Vulnerability Type

Impact

Summary

Exploitation

Demo

Files

README.md

Latest commit

History

README.md

File metadata and controls

Privileged File Delete (CVE-2019-18644)

Affected Products

Vulnerability Type

Impact

Summary

Exploitation

Demo