Antus67

Level 4
Verified
Vulnerabilities discovered in Kaspersky Secure Connection, Trend Micro Maximum Security, and Autodesk Desktop Application could be exploited for DLL preloading, code execution, and privilege escalation, a security firm has warned.

According to SafeBreach, Kaspersky Secure Connection (KSDE), a VPN client used with various Kaspersky applications, including Security Cloud, Internet Security, Anti-Virus, Total Security, and Kaspersky Free, is impacted by CVE-2019-15689, a vulnerability that could allow an attacker to implant and run an arbitrary unsigned executable.

The issue is similar to vulnerabilities that SafeBreach has disclosed over the past several weeks in anti-malware applications from McAfee, Symantec, Avast and Avira, where privileged processes attempt to load libraries that are not present at the expected location.

Specifically, KSDE, a signed service that starts automatically at system boot up and which runs as SYSTEM, attempts to load multiple missing DLLs. An attacker able to load an arbitrary DLL could have it run with SYSTEM privileges within the context of ksde.exe.