In the Quick Access Service (QAAdminAgent.exe) in Acer Quick Access V2.01.3000 through 2.01.3027 and V3.00.3000 through V3.00.3008, a REGULAR user can load an arbitrary unsigned DLL into the signed service's process, which is running as NT AUTHORITY\SYSTEM. This is a DLL Hijacking vulnerability (including search order hijacking, which searches for the missing DLL in the PATH environment variable), which is caused by an uncontrolled search path element for nvapi.dll, atiadlxx.dll, or atiadlxy.dll.
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: mitre
Published: 2019-12-17T15:10:05
Updated: 2024-08-05T01:54:14.602Z
Reserved: 2019-11-02T00:00:00
Link: CVE-2019-18670
Vulnrichment
No data.
NVD
Status : Modified
Published: 2019-12-17T16:15:14.483
Modified: 2024-11-21T04:33:29.817
Link: CVE-2019-18670
Redhat
No data.