CVE-2019-19235

Published: Dec 18, 2019Modified: Nov 21, 2024

7.0

Vector

CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

Exploitability: 1.0 / Impact: 5.9

Source: NVD

Description

AsLdrSrv.exe in ASUS ATK Package before V1.0.0061 (for Windows 10 notebook PCs) could lead to unsigned code execution with no additional execution. The user must put an application at a particular path, with a particular file name.

Affected (1)

Products: Asus: Atk Package

Asus

1 product

Atk Package

Configuration A

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Asus Atk Package	Before 1.0.0061

Running on/with	Platform Versions
Microsoft Windows 10	All versions

Related CWEs

CWE-427

Uncontrolled Search Path Element

The product uses a fixed or controlled search path to find resources, but one or more locations in that path can be under the control of unintended actors.

References (6)

https://safebreach.com/blog

Source: cve@mitre.org

Third Party Advisory

https://www.asus.com/Static_WebPage/ASUS-Product-Security-Advisory/

Source: cve@mitre.org

Vendor Advisory

https://www.asus.com/support/faq/1041545

Source: cve@mitre.org

Vendor Advisory

https://safebreach.com/blog

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

https://www.asus.com/Static_WebPage/ASUS-Product-Security-Advisory/

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

https://www.asus.com/support/faq/1041545

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.