cvelistv5 - CVE-2019-12280

CVE-2019-12280 (GCVE-0-2019-12280)

Vulnerability from cvelistv5

Published

2019-06-25 20:55

Modified

2024-08-04 23:17

Severity ?

CWE

Summary

PC-Doctor Toolbox before 7.3 has an Uncontrolled Search Path Element.

References

URL

Tags

cve@mitre.org	http://packetstormsecurity.com/files/153374/PC-Doctor-Toolbox-DLL-Hijacking.html	Third Party Advisory, VDB Entry
cve@mitre.org	http://seclists.org/fulldisclosure/2019/Jun/29	Mailing List, Third Party Advisory
cve@mitre.org	http://www.pc-doctor.com/company/pr-articles/130-pc-doctor-responds-to-software-vulnerability-report	Vendor Advisory
cve@mitre.org	http://www.securityfocus.com/bid/108880	Third Party Advisory, VDB Entry
cve@mitre.org	https://safebreach.com/Press-Post/SafeBreach-Identifies-Serious-Vulnerability-In-PC-Doctor-Software	Third Party Advisory
cve@mitre.org	https://seclists.org/fulldisclosure/2019/Jun/29	Mailing List, Third Party Advisory
cve@mitre.org	https://www.dell.com/support/article/il/en/ilbsdt1/sln317291/dsa-2019-084-dell-supportassist-for-business-pcs-and-dell-supportassist-for-home-pcs-security-update-for-pc-doctor-vulnerability?lang=en	Third Party Advisory
cve@mitre.org	https://www.us-cert.gov/ncas/current-activity/2019/06/21/Dell-Releases-Security-Advisory-Dell-SupportAssist	Third Party Advisory, US Government Resource, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	http://packetstormsecurity.com/files/153374/PC-Doctor-Toolbox-DLL-Hijacking.html	Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	http://seclists.org/fulldisclosure/2019/Jun/29	Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.pc-doctor.com/company/pr-articles/130-pc-doctor-responds-to-software-vulnerability-report	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/108880	Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	https://safebreach.com/Press-Post/SafeBreach-Identifies-Serious-Vulnerability-In-PC-Doctor-Software	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://seclists.org/fulldisclosure/2019/Jun/29	Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://www.dell.com/support/article/il/en/ilbsdt1/sln317291/dsa-2019-084-dell-supportassist-for-business-pcs-and-dell-supportassist-for-home-pcs-security-update-for-pc-doctor-vulnerability?lang=en	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://www.us-cert.gov/ncas/current-activity/2019/06/21/Dell-Releases-Security-Advisory-Dell-SupportAssist	Third Party Advisory, US Government Resource, VDB Entry

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T23:17:38.865Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "20190621 PC-Doctor Toolbox before 7.3 has an Uncontrolled Search Path Element",
            "tags": [
              "mailing-list",
              "x_refsource_FULLDISC",
              "x_transferred"
            ],
            "url": "http://seclists.org/fulldisclosure/2019/Jun/29"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://packetstormsecurity.com/files/153374/PC-Doctor-Toolbox-DLL-Hijacking.html"
          },
          {
            "name": "108880",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/108880"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.pc-doctor.com/company/pr-articles/130-pc-doctor-responds-to-software-vulnerability-report"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.us-cert.gov/ncas/current-activity/2019/06/21/Dell-Releases-Security-Advisory-Dell-SupportAssist"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://safebreach.com/Press-Post/SafeBreach-Identifies-Serious-Vulnerability-In-PC-Doctor-Software"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://seclists.org/fulldisclosure/2019/Jun/29"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.dell.com/support/article/il/en/ilbsdt1/sln317291/dsa-2019-084-dell-supportassist-for-business-pcs-and-dell-supportassist-for-home-pcs-security-update-for-pc-doctor-vulnerability?lang=en"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2019-06-21T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "PC-Doctor Toolbox before 7.3 has an Uncontrolled Search Path Element."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2019-06-25T20:56:08",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "20190621 PC-Doctor Toolbox before 7.3 has an Uncontrolled Search Path Element",
          "tags": [
            "mailing-list",
            "x_refsource_FULLDISC"
          ],
          "url": "http://seclists.org/fulldisclosure/2019/Jun/29"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://packetstormsecurity.com/files/153374/PC-Doctor-Toolbox-DLL-Hijacking.html"
        },
        {
          "name": "108880",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/108880"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.pc-doctor.com/company/pr-articles/130-pc-doctor-responds-to-software-vulnerability-report"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.us-cert.gov/ncas/current-activity/2019/06/21/Dell-Releases-Security-Advisory-Dell-SupportAssist"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://safebreach.com/Press-Post/SafeBreach-Identifies-Serious-Vulnerability-In-PC-Doctor-Software"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://seclists.org/fulldisclosure/2019/Jun/29"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.dell.com/support/article/il/en/ilbsdt1/sln317291/dsa-2019-084-dell-supportassist-for-business-pcs-and-dell-supportassist-for-home-pcs-security-update-for-pc-doctor-vulnerability?lang=en"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2019-12280",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "PC-Doctor Toolbox before 7.3 has an Uncontrolled Search Path Element."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "20190621 PC-Doctor Toolbox before 7.3 has an Uncontrolled Search Path Element",
              "refsource": "FULLDISC",
              "url": "http://seclists.org/fulldisclosure/2019/Jun/29"
            },
            {
              "name": "http://packetstormsecurity.com/files/153374/PC-Doctor-Toolbox-DLL-Hijacking.html",
              "refsource": "MISC",
              "url": "http://packetstormsecurity.com/files/153374/PC-Doctor-Toolbox-DLL-Hijacking.html"
            },
            {
              "name": "108880",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/108880"
            },
            {
              "name": "http://www.pc-doctor.com/company/pr-articles/130-pc-doctor-responds-to-software-vulnerability-report",
              "refsource": "CONFIRM",
              "url": "http://www.pc-doctor.com/company/pr-articles/130-pc-doctor-responds-to-software-vulnerability-report"
            },
            {
              "name": "https://www.us-cert.gov/ncas/current-activity/2019/06/21/Dell-Releases-Security-Advisory-Dell-SupportAssist",
              "refsource": "MISC",
              "url": "https://www.us-cert.gov/ncas/current-activity/2019/06/21/Dell-Releases-Security-Advisory-Dell-SupportAssist"
            },
            {
              "name": "https://safebreach.com/Press-Post/SafeBreach-Identifies-Serious-Vulnerability-In-PC-Doctor-Software",
              "refsource": "MISC",
              "url": "https://safebreach.com/Press-Post/SafeBreach-Identifies-Serious-Vulnerability-In-PC-Doctor-Software"
            },
            {
              "name": "https://seclists.org/fulldisclosure/2019/Jun/29",
              "refsource": "MISC",
              "url": "https://seclists.org/fulldisclosure/2019/Jun/29"
            },
            {
              "name": "https://www.dell.com/support/article/il/en/ilbsdt1/sln317291/dsa-2019-084-dell-supportassist-for-business-pcs-and-dell-supportassist-for-home-pcs-security-update-for-pc-doctor-vulnerability?lang=en",
              "refsource": "MISC",
              "url": "https://www.dell.com/support/article/il/en/ilbsdt1/sln317291/dsa-2019-084-dell-supportassist-for-business-pcs-and-dell-supportassist-for-home-pcs-security-update-for-pc-doctor-vulnerability?lang=en"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2019-12280",
    "datePublished": "2019-06-25T20:55:14",
    "dateReserved": "2019-05-22T00:00:00",
    "dateUpdated": "2024-08-04T23:17:38.865Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "nvd": "{\"cve\":{\"id\":\"CVE-2019-12280\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2019-06-25T21:15:09.733\",\"lastModified\":\"2024-11-21T04:22:33.390\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"PC-Doctor Toolbox before 7.3 has an Uncontrolled Search Path Element.\"},{\"lang\":\"es\",\"value\":\"PC-Doctor Toolbox anterior a la versi\u00f3n 7.3 tiene un elemento path de b\u00fasqueda no controlada.\"}],\"metrics\":{\"cvssMetricV30\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.0\",\"vectorString\":\"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\",\"baseScore\":7.8,\"baseSeverity\":\"HIGH\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"REQUIRED\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":1.8,\"impactScore\":5.9}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:M/Au:N/C:P/I:P/A:P\",\"baseScore\":6.8,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"MEDIUM\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"PARTIAL\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":8.6,\"impactScore\":6.4,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":true}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-427\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:pc-doctor:toolbox:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"7.3\",\"matchCriteriaId\":\"D9FF93D2-F059-4FE6-81BD-C9F07A12D51A\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:dell:supportassist_for_business_pcs:2.0.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"CCB902B3-9139-4B4B-99D6-853DDE5C4C16\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:dell:supportassist_for_home_pcs:3.2.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"6A7F9D18-9BD1-4228-8A10-1A4A748606E4\"}]}]}],\"references\":[{\"url\":\"http://packetstormsecurity.com/files/153374/PC-Doctor-Toolbox-DLL-Hijacking.html\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://seclists.org/fulldisclosure/2019/Jun/29\",\"source\":\"cve@mitre.org\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"http://www.pc-doctor.com/company/pr-articles/130-pc-doctor-responds-to-software-vulnerability-report\",\"source\":\"cve@mitre.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://www.securityfocus.com/bid/108880\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"https://safebreach.com/Press-Post/SafeBreach-Identifies-Serious-Vulnerability-In-PC-Doctor-Software\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://seclists.org/fulldisclosure/2019/Jun/29\",\"source\":\"cve@mitre.org\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://www.dell.com/support/article/il/en/ilbsdt1/sln317291/dsa-2019-084-dell-supportassist-for-business-pcs-and-dell-supportassist-for-home-pcs-security-update-for-pc-doctor-vulnerability?lang=en\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.us-cert.gov/ncas/current-activity/2019/06/21/Dell-Releases-Security-Advisory-Dell-SupportAssist\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\",\"US Government Resource\",\"VDB Entry\"]},{\"url\":\"http://packetstormsecurity.com/files/153374/PC-Doctor-Toolbox-DLL-Hijacking.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://seclists.org/fulldisclosure/2019/Jun/29\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"http://www.pc-doctor.com/company/pr-articles/130-pc-doctor-responds-to-software-vulnerability-report\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://www.securityfocus.com/bid/108880\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"https://safebreach.com/Press-Post/SafeBreach-Identifies-Serious-Vulnerability-In-PC-Doctor-Software\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://seclists.org/fulldisclosure/2019/Jun/29\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://www.dell.com/support/article/il/en/ilbsdt1/sln317291/dsa-2019-084-dell-supportassist-for-business-pcs-and-dell-supportassist-for-home-pcs-security-update-for-pc-doctor-vulnerability?lang=en\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.us-cert.gov/ncas/current-activity/2019/06/21/Dell-Releases-Security-Advisory-Dell-SupportAssist\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\",\"US Government Resource\",\"VDB Entry\"]}]}}"
  }
}

cnvd-2019-19312

Vulnerability from cnvd

Title

PC-Doctor Toolbox任意代码执行漏洞

Description

PC-Doctor Toolbox是美国PC-Doctor Toolbox公司的一款硬件诊断和系统信息监控工具。 PC-Doctor Toolbox 7.3之前版本中存在安全漏洞。攻击者可利用该漏洞在受影响应用程序的上下文中执行任意代码或造成拒绝服务。

Severity

中

Patch Name

PC-Doctor Toolbox任意代码执行漏洞的补丁

Patch Description

PC-Doctor Toolbox是美国PC-Doctor Toolbox公司的一款硬件诊断和系统信息监控工具。 PC-Doctor Toolbox 7.3之前版本中存在安全漏洞。攻击者可利用该漏洞在受影响应用程序的上下文中执行任意代码或造成拒绝服务。目前，供应商发布了安全公告及相关补丁信息，修复了此漏洞。

Formal description

目前厂商已发布升级补丁以修复漏洞，补丁获取链接： http://www.pc-doctor.com/company/pr-articles/130-pc-doctor-responds-to-software-vulnerability-report

Reference

https://www.dell.com/support/article/us/en/04/sln317291/dsa-2019-084-dell-supportassist-for-business-pcs-and-dell-supportassist-for-home-pcs-security-update-for-pc-doctor-vulnerability?lang=en https://www.securityfocus.com/bid/108880

Impacted products

Name
PC-Doctor Toolbox PC-Doctor Toolbox <7.3

Show details on source website

JSON

To clipboard

{
  "bids": {
    "bid": {
      "bidNumber": "108880"
    }
  },
  "cves": {
    "cve": {
      "cveNumber": "CVE-2019-12280"
    }
  },
  "description": "PC-Doctor Toolbox\u662f\u7f8e\u56fdPC-Doctor Toolbox\u516c\u53f8\u7684\u4e00\u6b3e\u786c\u4ef6\u8bca\u65ad\u548c\u7cfb\u7edf\u4fe1\u606f\u76d1\u63a7\u5de5\u5177\u3002\n\nPC-Doctor Toolbox 7.3\u4e4b\u524d\u7248\u672c\u4e2d\u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\u3002\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u5728\u53d7\u5f71\u54cd\u5e94\u7528\u7a0b\u5e8f\u7684\u4e0a\u4e0b\u6587\u4e2d\u6267\u884c\u4efb\u610f\u4ee3\u7801\u6216\u9020\u6210\u62d2\u7edd\u670d\u52a1\u3002",
  "discovererName": "Peleg Hadar",
  "formalWay": "\u76ee\u524d\u5382\u5546\u5df2\u53d1\u5e03\u5347\u7ea7\u8865\u4e01\u4ee5\u4fee\u590d\u6f0f\u6d1e\uff0c\u8865\u4e01\u83b7\u53d6\u94fe\u63a5\uff1a\r\nhttp://www.pc-doctor.com/company/pr-articles/130-pc-doctor-responds-to-software-vulnerability-report",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2019-19312",
  "openTime": "2019-06-27",
  "patchDescription": "PC-Doctor Toolbox\u662f\u7f8e\u56fdPC-Doctor Toolbox\u516c\u53f8\u7684\u4e00\u6b3e\u786c\u4ef6\u8bca\u65ad\u548c\u7cfb\u7edf\u4fe1\u606f\u76d1\u63a7\u5de5\u5177\u3002\r\n\r\nPC-Doctor Toolbox 7.3\u4e4b\u524d\u7248\u672c\u4e2d\u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\u3002\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u5728\u53d7\u5f71\u54cd\u5e94\u7528\u7a0b\u5e8f\u7684\u4e0a\u4e0b\u6587\u4e2d\u6267\u884c\u4efb\u610f\u4ee3\u7801\u6216\u9020\u6210\u62d2\u7edd\u670d\u52a1\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "PC-Doctor Toolbox\u4efb\u610f\u4ee3\u7801\u6267\u884c\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": "PC-Doctor Toolbox PC-Doctor Toolbox \u003c7.3"
  },
  "referenceLink": "https://www.dell.com/support/article/us/en/04/sln317291/dsa-2019-084-dell-supportassist-for-business-pcs-and-dell-supportassist-for-home-pcs-security-update-for-pc-doctor-vulnerability?lang=en\r\nhttps://www.securityfocus.com/bid/108880",
  "serverity": "\u4e2d",
  "submitTime": "2019-06-26",
  "title": "PC-Doctor Toolbox\u4efb\u610f\u4ee3\u7801\u6267\u884c\u6f0f\u6d1e"
}

var-201906-0576

Vulnerability from variot

PC-Doctor Toolbox before 7.3 has an Uncontrolled Search Path Element. PC-Doctor Toolbox Contains a vulnerability related to uncontrolled search path elements.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. PC-Doctor for Windows is prone to an arbitrary code-execution vulnerability. An attacker can leverage this issue to execute arbitrary code in the context of the affected application. Failed exploit attempts will result in a denial of service condition. PC-Doctor Toolbox is a hardware diagnostic and system information monitoring tool developed by PC-Doctor Toolbox in the United States. A security vulnerability exists in PC-Doctor Toolbox versions prior to 7.3. Full Disclosure

I. VULNERABILITY

Uncontrolled search path element vulnerability in PC-Doctor Toolbox prior to version 7.3 allows local users to gain privileges and conduct DLL hijacking attacks via a trojan horse DLL located in an unsecured directory which has been added to the PATH environment variable.

II. CVE REFERENCE

CVE-2019-12280

III. VENDOR

PC-Doctor, Inc.

IV. Affected Products

PC-Doctor Toolbox for Windows

Also re-branded as:

CORSAIR ONE Diagnostics CORSAIR Diagnostics Staples EasyTech Diagnostics Tobii I-Series Diagnostic Tool Tobii Dynavox Diagnostic Tool

V. TIMELINE

May 03, 2019 Vulnerability reported to PC-Doctor, Inc.

May 04, 2019 Vulnerability confirmed by PC-Doctor, Inc.

May 17, 2019 PC-Doctor, Inc. identified additional attack vectors in third party dependencies.

June 11, 2019 PC-Doctor Toolbox for Windows 7.3 released to OEM customers for testing.

June 12, 2019 PC-Doctor Toolbox for Windows 7.3 released to retail end-users.

June 19, 2019 Disclosure published.

VI. CREDIT

Peleg Hadar from SafeBreach, Inc.

VII. SOLUTION

Upgrade to version 7.3 of PC-Doctor Toolbox (or re-branded products)

Show details on source website

JSON

To clipboard

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201906-0576",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "toolbox",
        "scope": "lt",
        "trust": 1.8,
        "vendor": "pc doctor",
        "version": "7.3"
      },
      {
        "model": "supportassist for home pcs",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "dell",
        "version": "3.2.2"
      },
      {
        "model": "supportassist for business pcs",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "dell",
        "version": "2.0.1"
      },
      {
        "model": "supportassist for business pcs",
        "scope": null,
        "trust": 0.8,
        "vendor": "dell",
        "version": null
      },
      {
        "model": "pc-doctor for window",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "pc doctor",
        "version": "0"
      },
      {
        "model": "supportassist for home pcs",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "dell",
        "version": "3.2.1"
      },
      {
        "model": "supportassist for business pcs",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "dell",
        "version": "2.0"
      },
      {
        "model": "supportassist for home pcs",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "dell",
        "version": "3.2.2"
      },
      {
        "model": "supportassist for business pcs",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "dell",
        "version": "2.0.1"
      }
    ],
    "sources": [
      {
        "db": "BID",
        "id": "108880"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-005720"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-12280"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "cpe_match": [
              {
                "cpe22Uri": "cpe:/a:pc-doctor:toolbox",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/a:dell:supportassist_for_business_pcs",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-005720"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Peleg Hadar",
    "sources": [
      {
        "db": "BID",
        "id": "108880"
      },
      {
        "db": "PACKETSTORM",
        "id": "153374"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201906-931"
      }
    ],
    "trust": 1.0
  },
  "cve": "CVE-2019-12280",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "nvd@nist.gov",
            "availabilityImpact": "PARTIAL",
            "baseScore": 6.8,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 8.6,
            "id": "CVE-2019-12280",
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "severity": "MEDIUM",
            "trust": 1.8,
            "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "PARTIAL",
            "baseScore": 6.8,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 8.6,
            "id": "VHN-144011",
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "severity": "MEDIUM",
            "trust": 0.1,
            "vectorString": "AV:N/AC:M/AU:N/C:P/I:P/A:P",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "author": "nvd@nist.gov",
            "availabilityImpact": "HIGH",
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "exploitabilityScore": 1.8,
            "id": "CVE-2019-12280",
            "impactScore": 5.9,
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "trust": 1.8,
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "nvd@nist.gov",
            "id": "CVE-2019-12280",
            "trust": 1.0,
            "value": "HIGH"
          },
          {
            "author": "NVD",
            "id": "CVE-2019-12280",
            "trust": 0.8,
            "value": "High"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201906-931",
            "trust": 0.6,
            "value": "HIGH"
          },
          {
            "author": "VULHUB",
            "id": "VHN-144011",
            "trust": 0.1,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-144011"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-005720"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201906-931"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-12280"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "PC-Doctor Toolbox before 7.3 has an Uncontrolled Search Path Element. PC-Doctor Toolbox Contains a vulnerability related to uncontrolled search path elements.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. PC-Doctor for Windows is prone to an arbitrary code-execution vulnerability. \nAn attacker can leverage this issue to execute arbitrary code in the context of the affected application. Failed exploit attempts will result in a denial of service condition. PC-Doctor Toolbox is a hardware diagnostic and system information monitoring tool developed by PC-Doctor Toolbox in the United States. A security vulnerability exists in PC-Doctor Toolbox versions prior to 7.3. Full Disclosure\n\nI. VULNERABILITY\n-------------------------\nUncontrolled search path element vulnerability in PC-Doctor Toolbox prior\nto version 7.3 allows local users to gain privileges and conduct DLL\nhijacking attacks via a trojan horse DLL located in an unsecured directory\nwhich has been added to the PATH environment variable. \n\n \n\nII. CVE REFERENCE\n-------------------------\nCVE-2019-12280\n\n \n\nIII. VENDOR\n-------------------------\nPC-Doctor, Inc. \n\n \n\nIV. Affected Products\n\n-------------------------\n\nPC-Doctor Toolbox for Windows\n\nAlso re-branded as:\n\n  CORSAIR ONE Diagnostics\n  CORSAIR Diagnostics\n  Staples EasyTech Diagnostics\n  Tobii I-Series Diagnostic Tool\n  Tobii Dynavox Diagnostic Tool\n\n \n\nV. TIMELINE\n-------------------------\nMay 03, 2019 Vulnerability reported to PC-Doctor, Inc. \n\nMay 04, 2019 Vulnerability confirmed by PC-Doctor, Inc. \n\nMay 17, 2019 PC-Doctor, Inc. identified additional attack vectors in third\nparty dependencies. \n\nJune 11, 2019 PC-Doctor Toolbox for Windows 7.3 released to OEM customers\nfor testing. \n\nJune 12, 2019 PC-Doctor Toolbox for Windows 7.3 released to retail\nend-users. \n\nJune 19, 2019 Disclosure published. \n\n \n\nVI. CREDIT\n-------------------------\nPeleg Hadar from SafeBreach, Inc. \n\n \n\nVII. SOLUTION\n-------------------------\nUpgrade to version 7.3 of PC-Doctor Toolbox (or re-branded products)\n\n \n\n \n\n\n\n",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2019-12280"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-005720"
      },
      {
        "db": "BID",
        "id": "108880"
      },
      {
        "db": "VULHUB",
        "id": "VHN-144011"
      },
      {
        "db": "PACKETSTORM",
        "id": "153374"
      }
    ],
    "trust": 2.07
  },
  "exploit_availability": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "reference": "https://www.scap.org.cn/vuln/vhn-144011",
        "trust": 0.1,
        "type": "unknown"
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-144011"
      }
    ]
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2019-12280",
        "trust": 2.9
      },
      {
        "db": "BID",
        "id": "108880",
        "trust": 2.0
      },
      {
        "db": "PACKETSTORM",
        "id": "153374",
        "trust": 1.8
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-005720",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201906-931",
        "trust": 0.7
      },
      {
        "db": "VULHUB",
        "id": "VHN-144011",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-144011"
      },
      {
        "db": "BID",
        "id": "108880"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-005720"
      },
      {
        "db": "PACKETSTORM",
        "id": "153374"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201906-931"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-12280"
      }
    ]
  },
  "id": "VAR-201906-0576",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-144011"
      }
    ],
    "trust": 0.01
  },
  "last_update_date": "2024-11-23T22:33:50.709000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "PC-Doctor Responds to Software Vulnerability Report",
        "trust": 0.8,
        "url": "http://www.pc-doctor.com/company/pr-articles/130-pc-doctor-responds-to-software-vulnerability-report"
      },
      {
        "title": "DSA-2019-084",
        "trust": 0.8,
        "url": "https://www.dell.com/support/article/il/en/ilbsdt1/sln317291/dsa-2019-084-dell-supportassist-for-business-pcs-and-dell-supportassist-for-home-pcs-security-update-for-pc-doctor-vulnerability?lang=en"
      },
      {
        "title": "PC-Doctor Toolbox Security vulnerabilities",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=94061"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-005720"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201906-931"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-427",
        "trust": 1.9
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-144011"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-005720"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-12280"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 3.4,
        "url": "https://seclists.org/fulldisclosure/2019/jun/29"
      },
      {
        "trust": 2.5,
        "url": "https://www.us-cert.gov/ncas/current-activity/2019/06/21/dell-releases-security-advisory-dell-supportassist"
      },
      {
        "trust": 2.0,
        "url": "http://www.pc-doctor.com/company/pr-articles/130-pc-doctor-responds-to-software-vulnerability-report"
      },
      {
        "trust": 1.7,
        "url": "http://www.securityfocus.com/bid/108880"
      },
      {
        "trust": 1.7,
        "url": "http://packetstormsecurity.com/files/153374/pc-doctor-toolbox-dll-hijacking.html"
      },
      {
        "trust": 1.7,
        "url": "https://safebreach.com/press-post/safebreach-identifies-serious-vulnerability-in-pc-doctor-software"
      },
      {
        "trust": 1.7,
        "url": "https://www.dell.com/support/article/il/en/ilbsdt1/sln317291/dsa-2019-084-dell-supportassist-for-business-pcs-and-dell-supportassist-for-home-pcs-security-update-for-pc-doctor-vulnerability?lang=en"
      },
      {
        "trust": 1.5,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-12280"
      },
      {
        "trust": 0.9,
        "url": "https://safebreach.com/post/oem-software-puts-multiple-laptops-at-risk"
      },
      {
        "trust": 0.9,
        "url": "https://www.dell.com/support/article/us/en/04/sln317291/dsa-2019-084-dell-supportassist-for-business-pcs-and-dell-supportassist-for-home-pcs-security-update-for-pc-doctor-vulnerability?lang=en"
      },
      {
        "trust": 0.8,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-12280"
      },
      {
        "trust": 0.3,
        "url": "http://www.pc-doctor.com"
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-144011"
      },
      {
        "db": "BID",
        "id": "108880"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-005720"
      },
      {
        "db": "PACKETSTORM",
        "id": "153374"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201906-931"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-12280"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "VULHUB",
        "id": "VHN-144011"
      },
      {
        "db": "BID",
        "id": "108880"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-005720"
      },
      {
        "db": "PACKETSTORM",
        "id": "153374"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201906-931"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-12280"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2019-06-25T00:00:00",
        "db": "VULHUB",
        "id": "VHN-144011"
      },
      {
        "date": "2019-06-20T00:00:00",
        "db": "BID",
        "id": "108880"
      },
      {
        "date": "2019-06-27T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2019-005720"
      },
      {
        "date": "2019-06-20T13:33:33",
        "db": "PACKETSTORM",
        "id": "153374"
      },
      {
        "date": "2019-06-25T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201906-931"
      },
      {
        "date": "2019-06-25T21:15:09.733000",
        "db": "NVD",
        "id": "CVE-2019-12280"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2019-06-26T00:00:00",
        "db": "VULHUB",
        "id": "VHN-144011"
      },
      {
        "date": "2019-06-20T00:00:00",
        "db": "BID",
        "id": "108880"
      },
      {
        "date": "2019-06-27T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2019-005720"
      },
      {
        "date": "2019-06-27T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201906-931"
      },
      {
        "date": "2024-11-21T04:22:33.390000",
        "db": "NVD",
        "id": "CVE-2019-12280"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "local",
    "sources": [
      {
        "db": "BID",
        "id": "108880"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201906-931"
      }
    ],
    "trust": 0.9
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "PC-Doctor Toolbox Vulnerabilities in uncontrolled search path elements",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-005720"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "code problem",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201906-931"
      }
    ],
    "trust": 0.6
  }
}

ghsa-mf28-xm36-jhfj

Vulnerability from github

Published

2022-05-24 16:48

Modified

2024-04-04 01:02

Severity ?

7.8 (High) - CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Details

PC-Doctor Toolbox before 7.3 has an Uncontrolled Search Path Element.

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2019-12280"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-427"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2019-06-25T21:15:00Z",
    "severity": "HIGH"
  },
  "details": "PC-Doctor Toolbox before 7.3 has an Uncontrolled Search Path Element.",
  "id": "GHSA-mf28-xm36-jhfj",
  "modified": "2024-04-04T01:02:57Z",
  "published": "2022-05-24T16:48:38Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-12280"
    },
    {
      "type": "WEB",
      "url": "https://safebreach.com/Press-Post/SafeBreach-Identifies-Serious-Vulnerability-In-PC-Doctor-Software"
    },
    {
      "type": "WEB",
      "url": "https://seclists.org/fulldisclosure/2019/Jun/29"
    },
    {
      "type": "WEB",
      "url": "https://www.dell.com/support/article/il/en/ilbsdt1/sln317291/dsa-2019-084-dell-supportassist-for-business-pcs-and-dell-supportassist-for-home-pcs-security-update-for-pc-doctor-vulnerability?lang=en"
    },
    {
      "type": "WEB",
      "url": "https://www.us-cert.gov/ncas/current-activity/2019/06/21/Dell-Releases-Security-Advisory-Dell-SupportAssist"
    },
    {
      "type": "WEB",
      "url": "http://packetstormsecurity.com/files/153374/PC-Doctor-Toolbox-DLL-Hijacking.html"
    },
    {
      "type": "WEB",
      "url": "http://seclists.org/fulldisclosure/2019/Jun/29"
    },
    {
      "type": "WEB",
      "url": "http://www.pc-doctor.com/company/pr-articles/130-pc-doctor-responds-to-software-vulnerability-report"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/108880"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

gsd-2019-12280

Vulnerability from gsd

Modified

2023-12-13 01:23

Details

PC-Doctor Toolbox before 7.3 has an Uncontrolled Search Path Element.

Aliases

CVE-2019-12280

Aliases

CVE-2019-12280

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2019-12280",
    "description": "PC-Doctor Toolbox before 7.3 has an Uncontrolled Search Path Element.",
    "id": "GSD-2019-12280"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2019-12280"
      ],
      "details": "PC-Doctor Toolbox before 7.3 has an Uncontrolled Search Path Element.",
      "id": "GSD-2019-12280",
      "modified": "2023-12-13T01:23:44.150296Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "cve@mitre.org",
        "ID": "CVE-2019-12280",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "PC-Doctor Toolbox before 7.3 has an Uncontrolled Search Path Element."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "20190621 PC-Doctor Toolbox before 7.3 has an Uncontrolled Search Path Element",
            "refsource": "FULLDISC",
            "url": "http://seclists.org/fulldisclosure/2019/Jun/29"
          },
          {
            "name": "http://packetstormsecurity.com/files/153374/PC-Doctor-Toolbox-DLL-Hijacking.html",
            "refsource": "MISC",
            "url": "http://packetstormsecurity.com/files/153374/PC-Doctor-Toolbox-DLL-Hijacking.html"
          },
          {
            "name": "108880",
            "refsource": "BID",
            "url": "http://www.securityfocus.com/bid/108880"
          },
          {
            "name": "http://www.pc-doctor.com/company/pr-articles/130-pc-doctor-responds-to-software-vulnerability-report",
            "refsource": "CONFIRM",
            "url": "http://www.pc-doctor.com/company/pr-articles/130-pc-doctor-responds-to-software-vulnerability-report"
          },
          {
            "name": "https://www.us-cert.gov/ncas/current-activity/2019/06/21/Dell-Releases-Security-Advisory-Dell-SupportAssist",
            "refsource": "MISC",
            "url": "https://www.us-cert.gov/ncas/current-activity/2019/06/21/Dell-Releases-Security-Advisory-Dell-SupportAssist"
          },
          {
            "name": "https://safebreach.com/Press-Post/SafeBreach-Identifies-Serious-Vulnerability-In-PC-Doctor-Software",
            "refsource": "MISC",
            "url": "https://safebreach.com/Press-Post/SafeBreach-Identifies-Serious-Vulnerability-In-PC-Doctor-Software"
          },
          {
            "name": "https://seclists.org/fulldisclosure/2019/Jun/29",
            "refsource": "MISC",
            "url": "https://seclists.org/fulldisclosure/2019/Jun/29"
          },
          {
            "name": "https://www.dell.com/support/article/il/en/ilbsdt1/sln317291/dsa-2019-084-dell-supportassist-for-business-pcs-and-dell-supportassist-for-home-pcs-security-update-for-pc-doctor-vulnerability?lang=en",
            "refsource": "MISC",
            "url": "https://www.dell.com/support/article/il/en/ilbsdt1/sln317291/dsa-2019-084-dell-supportassist-for-business-pcs-and-dell-supportassist-for-home-pcs-security-update-for-pc-doctor-vulnerability?lang=en"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:pc-doctor:toolbox:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "7.3",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:dell:supportassist_for_home_pcs:3.2.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:dell:supportassist_for_business_pcs:2.0.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2019-12280"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "PC-Doctor Toolbox before 7.3 has an Uncontrolled Search Path Element."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-427"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "20190621 PC-Doctor Toolbox before 7.3 has an Uncontrolled Search Path Element",
              "refsource": "FULLDISC",
              "tags": [
                "Mailing List",
                "Third Party Advisory"
              ],
              "url": "http://seclists.org/fulldisclosure/2019/Jun/29"
            },
            {
              "name": "https://www.us-cert.gov/ncas/current-activity/2019/06/21/Dell-Releases-Security-Advisory-Dell-SupportAssist",
              "refsource": "MISC",
              "tags": [
                "Third Party Advisory",
                "US Government Resource",
                "VDB Entry"
              ],
              "url": "https://www.us-cert.gov/ncas/current-activity/2019/06/21/Dell-Releases-Security-Advisory-Dell-SupportAssist"
            },
            {
              "name": "https://safebreach.com/Press-Post/SafeBreach-Identifies-Serious-Vulnerability-In-PC-Doctor-Software",
              "refsource": "MISC",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "https://safebreach.com/Press-Post/SafeBreach-Identifies-Serious-Vulnerability-In-PC-Doctor-Software"
            },
            {
              "name": "108880",
              "refsource": "BID",
              "tags": [
                "Third Party Advisory",
                "VDB Entry"
              ],
              "url": "http://www.securityfocus.com/bid/108880"
            },
            {
              "name": "http://www.pc-doctor.com/company/pr-articles/130-pc-doctor-responds-to-software-vulnerability-report",
              "refsource": "CONFIRM",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "http://www.pc-doctor.com/company/pr-articles/130-pc-doctor-responds-to-software-vulnerability-report"
            },
            {
              "name": "http://packetstormsecurity.com/files/153374/PC-Doctor-Toolbox-DLL-Hijacking.html",
              "refsource": "MISC",
              "tags": [
                "Third Party Advisory",
                "VDB Entry"
              ],
              "url": "http://packetstormsecurity.com/files/153374/PC-Doctor-Toolbox-DLL-Hijacking.html"
            },
            {
              "name": "https://seclists.org/fulldisclosure/2019/Jun/29",
              "refsource": "MISC",
              "tags": [
                "Mailing List",
                "Third Party Advisory"
              ],
              "url": "https://seclists.org/fulldisclosure/2019/Jun/29"
            },
            {
              "name": "https://www.dell.com/support/article/il/en/ilbsdt1/sln317291/dsa-2019-084-dell-supportassist-for-business-pcs-and-dell-supportassist-for-home-pcs-security-update-for-pc-doctor-vulnerability?lang=en",
              "refsource": "MISC",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "https://www.dell.com/support/article/il/en/ilbsdt1/sln317291/dsa-2019-084-dell-supportassist-for-business-pcs-and-dell-supportassist-for-home-pcs-security-update-for-pc-doctor-vulnerability?lang=en"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "acInsufInfo": false,
          "cvssV2": {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "PARTIAL",
            "baseScore": 6.8,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          "exploitabilityScore": 8.6,
          "impactScore": 6.4,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "MEDIUM",
          "userInteractionRequired": true
        },
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.0"
          },
          "exploitabilityScore": 1.8,
          "impactScore": 5.9
        }
      },
      "lastModifiedDate": "2019-06-26T17:27Z",
      "publishedDate": "2019-06-25T21:15Z"
    }
  }
}

fkie_cve-2019-12280

Vulnerability from fkie_nvd

Published

2019-06-25 21:15

Modified

2024-11-21 04:22

Severity ?

7.8 (High) - CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Summary

PC-Doctor Toolbox before 7.3 has an Uncontrolled Search Path Element.

References

URL	Tags
cve@mitre.org	http://packetstormsecurity.com/files/153374/PC-Doctor-Toolbox-DLL-Hijacking.html	Third Party Advisory, VDB Entry
cve@mitre.org	http://seclists.org/fulldisclosure/2019/Jun/29	Mailing List, Third Party Advisory
cve@mitre.org	http://www.pc-doctor.com/company/pr-articles/130-pc-doctor-responds-to-software-vulnerability-report	Vendor Advisory
cve@mitre.org	http://www.securityfocus.com/bid/108880	Third Party Advisory, VDB Entry
cve@mitre.org	https://safebreach.com/Press-Post/SafeBreach-Identifies-Serious-Vulnerability-In-PC-Doctor-Software	Third Party Advisory
cve@mitre.org	https://seclists.org/fulldisclosure/2019/Jun/29	Mailing List, Third Party Advisory
cve@mitre.org	https://www.dell.com/support/article/il/en/ilbsdt1/sln317291/dsa-2019-084-dell-supportassist-for-business-pcs-and-dell-supportassist-for-home-pcs-security-update-for-pc-doctor-vulnerability?lang=en	Third Party Advisory
cve@mitre.org	https://www.us-cert.gov/ncas/current-activity/2019/06/21/Dell-Releases-Security-Advisory-Dell-SupportAssist	Third Party Advisory, US Government Resource, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	http://packetstormsecurity.com/files/153374/PC-Doctor-Toolbox-DLL-Hijacking.html	Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	http://seclists.org/fulldisclosure/2019/Jun/29	Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.pc-doctor.com/company/pr-articles/130-pc-doctor-responds-to-software-vulnerability-report	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/108880	Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	https://safebreach.com/Press-Post/SafeBreach-Identifies-Serious-Vulnerability-In-PC-Doctor-Software	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://seclists.org/fulldisclosure/2019/Jun/29	Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://www.dell.com/support/article/il/en/ilbsdt1/sln317291/dsa-2019-084-dell-supportassist-for-business-pcs-and-dell-supportassist-for-home-pcs-security-update-for-pc-doctor-vulnerability?lang=en	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://www.us-cert.gov/ncas/current-activity/2019/06/21/Dell-Releases-Security-Advisory-Dell-SupportAssist	Third Party Advisory, US Government Resource, VDB Entry

Impacted products

Vendor	Product	Version
pc-doctor	toolbox	*
dell	supportassist_for_business_pcs	2.0.1
dell	supportassist_for_home_pcs	3.2.2

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:pc-doctor:toolbox:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "D9FF93D2-F059-4FE6-81BD-C9F07A12D51A",
              "versionEndExcluding": "7.3",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:dell:supportassist_for_business_pcs:2.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "CCB902B3-9139-4B4B-99D6-853DDE5C4C16",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:dell:supportassist_for_home_pcs:3.2.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "6A7F9D18-9BD1-4228-8A10-1A4A748606E4",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "PC-Doctor Toolbox before 7.3 has an Uncontrolled Search Path Element."
    },
    {
      "lang": "es",
      "value": "PC-Doctor Toolbox anterior a la versi\u00f3n 7.3 tiene un elemento path de b\u00fasqueda no controlada."
    }
  ],
  "id": "CVE-2019-12280",
  "lastModified": "2024-11-21T04:22:33.390",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 6.8,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "LOCAL",
          "availabilityImpact": "HIGH",
          "baseScore": 7.8,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
          "version": "3.0"
        },
        "exploitabilityScore": 1.8,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2019-06-25T21:15:09.733",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://packetstormsecurity.com/files/153374/PC-Doctor-Toolbox-DLL-Hijacking.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://seclists.org/fulldisclosure/2019/Jun/29"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.pc-doctor.com/company/pr-articles/130-pc-doctor-responds-to-software-vulnerability-report"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/108880"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://safebreach.com/Press-Post/SafeBreach-Identifies-Serious-Vulnerability-In-PC-Doctor-Software"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "https://seclists.org/fulldisclosure/2019/Jun/29"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.dell.com/support/article/il/en/ilbsdt1/sln317291/dsa-2019-084-dell-supportassist-for-business-pcs-and-dell-supportassist-for-home-pcs-security-update-for-pc-doctor-vulnerability?lang=en"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory",
        "US Government Resource",
        "VDB Entry"
      ],
      "url": "https://www.us-cert.gov/ncas/current-activity/2019/06/21/Dell-Releases-Security-Advisory-Dell-SupportAssist"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://packetstormsecurity.com/files/153374/PC-Doctor-Toolbox-DLL-Hijacking.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://seclists.org/fulldisclosure/2019/Jun/29"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.pc-doctor.com/company/pr-articles/130-pc-doctor-responds-to-software-vulnerability-report"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/108880"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://safebreach.com/Press-Post/SafeBreach-Identifies-Serious-Vulnerability-In-PC-Doctor-Software"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "https://seclists.org/fulldisclosure/2019/Jun/29"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.dell.com/support/article/il/en/ilbsdt1/sln317291/dsa-2019-084-dell-supportassist-for-business-pcs-and-dell-supportassist-for-home-pcs-security-update-for-pc-doctor-vulnerability?lang=en"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "US Government Resource",
        "VDB Entry"
      ],
      "url": "https://www.us-cert.gov/ncas/current-activity/2019/06/21/Dell-Releases-Security-Advisory-Dell-SupportAssist"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-427"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

msrc_cve-2019-12280

Vulnerability from csaf_microsoft

Published

2019-06-02 00:00

Modified

2025-10-01 23:11

Summary

PC-Doctor Toolbox before 7.3 has an Uncontrolled Search Path Element.

Notes

Additional Resources

To determine the support lifecycle for your software, see the Microsoft Support Lifecycle: https://support.microsoft.com/lifecycle

Disclaimer

The information provided in the Microsoft Knowledge Base is provided \"as is\" without warranty of any kind. Microsoft disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose. In no event shall Microsoft Corporation or its suppliers be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages, even if Microsoft Corporation or its suppliers have been advised of the possibility of such damages. Some states do not allow the exclusion or limitation of liability for consequential or incidental damages so the foregoing limitation may not apply.

JSON

To clipboard

{
  "document": {
    "category": "csaf_vex",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Public",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en-US",
    "notes": [
      {
        "category": "general",
        "text": "To determine the support lifecycle for your software, see the Microsoft Support Lifecycle: https://support.microsoft.com/lifecycle",
        "title": "Additional Resources"
      },
      {
        "category": "legal_disclaimer",
        "text": "The information provided in the Microsoft Knowledge Base is provided \\\"as is\\\" without warranty of any kind. Microsoft disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose. In no event shall Microsoft Corporation or its suppliers be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages, even if Microsoft Corporation or its suppliers have been advised of the possibility of such damages. Some states do not allow the exclusion or limitation of liability for consequential or incidental damages so the foregoing limitation may not apply.",
        "title": "Disclaimer"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "secure@microsoft.com",
      "name": "Microsoft Security Response Center",
      "namespace": "https://msrc.microsoft.com"
    },
    "references": [
      {
        "category": "self",
        "summary": "CVE-2019-12280 PC-Doctor Toolbox before 7.3 has an Uncontrolled Search Path Element. - VEX",
        "url": "https://msrc.microsoft.com/csaf/vex/2019/msrc_cve-2019-12280.json"
      },
      {
        "category": "external",
        "summary": "Microsoft Support Lifecycle",
        "url": "https://support.microsoft.com/lifecycle"
      },
      {
        "category": "external",
        "summary": "Common Vulnerability Scoring System",
        "url": "https://www.first.org/cvss"
      }
    ],
    "title": "PC-Doctor Toolbox before 7.3 has an Uncontrolled Search Path Element.",
    "tracking": {
      "current_release_date": "2025-10-01T23:11:01.000Z",
      "generator": {
        "date": "2025-10-19T17:34:35.815Z",
        "engine": {
          "name": "MSRC Generator",
          "version": "1.0"
        }
      },
      "id": "msrc_CVE-2019-12280",
      "initial_release_date": "2019-06-02T00:00:00.000Z",
      "revision_history": [
        {
          "date": "2025-10-01T23:11:01.000Z",
          "legacy_version": "1",
          "number": "1",
          "summary": "Information published."
        }
      ],
      "status": "final",
      "version": "1"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version",
                "name": "2.0",
                "product": {
                  "name": "CBL Mariner 2.0",
                  "product_id": "17086"
                }
              }
            ],
            "category": "product_name",
            "name": "Azure Linux"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "\u003ccbl2 toolbox 0.0.18-9",
                "product": {
                  "name": "\u003ccbl2 toolbox 0.0.18-9",
                  "product_id": "1"
                }
              },
              {
                "category": "product_version",
                "name": "cbl2 toolbox 0.0.18-9",
                "product": {
                  "name": "cbl2 toolbox 0.0.18-9",
                  "product_id": "16995"
                }
              }
            ],
            "category": "product_name",
            "name": "toolbox"
          }
        ],
        "category": "vendor",
        "name": "Microsoft"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "\u003ccbl2 toolbox 0.0.18-9 as a component of CBL Mariner 2.0",
          "product_id": "17086-1"
        },
        "product_reference": "1",
        "relates_to_product_reference": "17086"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "cbl2 toolbox 0.0.18-9 as a component of CBL Mariner 2.0",
          "product_id": "16995-17086"
        },
        "product_reference": "16995",
        "relates_to_product_reference": "17086"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2019-12280",
      "cwe": {
        "id": "CWE-427",
        "name": "Uncontrolled Search Path Element"
      },
      "notes": [
        {
          "category": "general",
          "text": "mitre",
          "title": "Assigning CNA"
        }
      ],
      "product_status": {
        "fixed": [
          "16995-17086"
        ],
        "known_affected": [
          "17086-1"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2019-12280 PC-Doctor Toolbox before 7.3 has an Uncontrolled Search Path Element. - VEX",
          "url": "https://msrc.microsoft.com/csaf/vex/2019/msrc_cve-2019-12280.json"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2025-10-01T23:11:01.000Z",
          "details": "0.0.18-9:Security Update:https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade",
          "product_ids": [
            "17086-1"
          ],
          "url": "https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "environmentalsScore": 0.0,
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "temporalScore": 7.8,
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "17086-1"
          ]
        }
      ],
      "title": "PC-Doctor Toolbox before 7.3 has an Uncontrolled Search Path Element."
    }
  ]
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted

CVE-2019-12280 (GCVE-0-2019-12280)

Vulnerability from cvelistv5

cnvd-2019-19312

Vulnerability from cnvd

var-201906-0576

Vulnerability from variot

I. VULNERABILITY

II. CVE REFERENCE

III. VENDOR

V. TIMELINE

VI. CREDIT

VII. SOLUTION

ghsa-mf28-xm36-jhfj

Vulnerability from github

gsd-2019-12280

Vulnerability from gsd

fkie_cve-2019-12280

Vulnerability from fkie_nvd

msrc_cve-2019-12280

Vulnerability from csaf_microsoft

Tags

Sightings

Nomenclature