CVSS: 7.8EPSS: 0%CPEs: 3EXPL: 1CVE-2019-8461
https://notcve.org/view.php?id=CVE-2019-8461
29 Aug 2019 — Check Point Endpoint Security Initial Client for Windows before version E81.30 tries to load a DLL placed in any PATH location on a clean image without Endpoint Client installed. An attacker can leverage this to gain LPE using a specially crafted DLL placed in any PATH location accessible with write permissions to the user. Check Point Endpoint Security Initial Client para Windows versión anterior a E81.30, intenta cargar una biblioteca DLL localizada en cualquier ubicación de RUTA (PATH) en una imagen limp... • https://safebreach.com/Post/Check-Point-Endpoint-Security-Initial-Client-for-Windows-Privilege-Escalation-to-SYSTEM • CWE-114: Process Control CWE-426: Untrusted Search Path •
CVSS: 9.8EPSS: 0%CPEs: 7EXPL: 0CVE-2019-8459
https://notcve.org/view.php?id=CVE-2019-8459
20 Jun 2019 — Check Point Endpoint Security Client for Windows, with the VPN blade, before version E80.83, starts a process without using quotes in the path. This can cause loading of a previously placed executable with a name similar to the parts of the path, instead of the intended one. Check Point Endpoint Security Client para Windows, con el VPN blade, anterior a versión E80.83, inicia un proceso sin usar comillas en la ruta (path). Esto puede causar la carga de un ejecutable previamente colocado con un nombre simila... • https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solutionid=sk124972#Resolved%20Issues • CWE-428: Unquoted Search Path or Element •
CVSS: 4.4EPSS: 0%CPEs: 3EXPL: 0CVE-2019-8458
https://notcve.org/view.php?id=CVE-2019-8458
20 Jun 2019 — Check Point Endpoint Security Client for Windows, with Anti-Malware blade installed, before version E81.00, tries to load a non-existent DLL during an update initiated by the UI. An attacker with administrator privileges can leverage this to gain code execution within a Check Point Software Technologies signed binary, where under certain circumstances may cause the client to terminate. Check Point Endpoint Security Client para Windows, con Anti-Malware blade instalado, anterior a versión E81.00, intenta car... • https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solutionid=sk153053 • CWE-114: Process Control •
CVSS: 7.8EPSS: 0%CPEs: 10EXPL: 0CVE-2012-2753
https://notcve.org/view.php?id=CVE-2012-2753
19 Jun 2012 — Untrusted search path vulnerability in TrGUI.exe in the Endpoint Connect (aka EPC) GUI in Check Point Endpoint Security R73.x and E80.x on the VPN blade platform, Endpoint Security VPN R75, Endpoint Connect R73.x, and Remote Access Clients E75.x allows local users to gain privileges via a Trojan horse DLL in the current working directory. Vulnerabilidad de ruta de búsqueda no confiable en TrGUI.exe en el Endpoint Connect (aka EPC) GUI en Check Point Endpoint Security R73.x y E80.x en la plataforma VPN blade... • http://archives.neohapsis.com/archives/bugtraq/2012-06/0069.html •