CVE-2019-18670

Current Description

In the Quick Access Service (QAAdminAgent.exe) in Acer Quick Access V2.01.3000 through 2.01.3027 and V3.00.3000 through V3.00.3008, a REGULAR user can load an arbitrary unsigned DLL into the signed service's process, which is running as NT AUTHORITYSYSTEM. This is a DLL Hijacking vulnerability (including search order hijacking, which searches for the missing DLL in the PATH environment variable), which is caused by an uncontrolled search path element for nvapi.dll, atiadlxx.dll, or atiadlxy.dll.

Basic Data

PublishedDecember 17, 2019
Last ModifiedDecember 30, 2019
Assignercve@mitre.org
Data TypeCVE
Data FormatMITRE
Data Version4.0
Problem TypeCWE-426
CVE Data Version4.0

Base Metric V2

CVSS 2 - Version2.0
CVSS 2 - Vector StringAV:L/AC:M/Au:N/C:C/I:C/A:C
CVSS 2 - Access VectorLOCAL
CVSS 2 - Access ComplexityMEDIUM
CVSS 2 - AuthenticationNONE
CVSS 2 - Confidentiality ImpactCOMPLETE
CVSS 2 - Availability ImpactCOMPLETE
CVSS 2 - Base Score6.9
SeverityMEDIUM
Exploitability Score3.4
Impact Score10.0
Obtain All Privilegefalse
Obtain User Privilegefalse
Obtain Other Privilegefalse

Base Metric V3

No data provided.

Configurations

  • OR - Configuration 1
    Cpe VersionPartVendorProductVersionUpdateEditionLanguageSW EditionTarget SWTarget HWOtherVersion Start IncludingVersion End IncludingVersion Start ExcludingVersion End Excluding
    2.3ApplicationAcerQuick Access********2.01.30002.01.3027
    2.3ApplicationAcerQuick Access********3.00.30003.00.3008

Vulnerable Software List

VendorProductVersions
Acer Quick Access *

References

NameSourceURLTags
https://drive.google.com/open?id=1r0cr-H_FMc8V4hwlqF1MAEhSSnztm5sphttps://drive.google.com/open?id=1r0cr-H_FMc8V4hwlqF1MAEhSSnztm5spMISCExploit Third Party Advisory
https://us.answers.acer.com/app/answers/detail/a_id/64586https://us.answers.acer.com/app/answers/detail/a_id/64586CONFIRMPatch Vendor Advisory