CVE-2018-17775 in Seqrite End Point Security

Summary

by MITRE

Seqrite End Point Security v7.4 has "Everyone: (F)" permission for %PROGRAMFILES%\Seqrite\Seqrite, which allows local users to gain privileges by replacing an executable file with a Trojan horse.


Analysis

by VulDB Data Team • 10/18/2025

CVE-2018-17775 affects Seqrite End Point Security version 7.4 and is a critical privilege escalation flaw caused by improper file system permissions. The %PROGRAMFILES%\Seqrite\Seqrite directory is configured with "Everyone: (F)" permissions, which grants full control to all local users. The security software itself thereby creates an insecure environment: a directory that contains critical executable components is open to unrestricted file system access.

Exploitation is straightforward. Local users can use the broad permissions to replace legitimate executable files with malicious Trojan horse variants and so gain elevated privileges on the system. This bypasses the access controls and security boundaries that should prevent unauthorized modification of protected system components. The vulnerability relates directly to CWE-276, which addresses incorrect permissions for critical resources, and demonstrates how inadequate access control can lead to privilege escalation.

Operationally, this vulnerability is a significant risk for organizations deploying Seqrite End Point Security, because it turns any local user account into a potential threat actor with elevated system privileges. The impact extends beyond privilege escalation to potential system compromise, data exfiltration, and lateral movement. Attackers can use it to establish persistent access, deploy additional malware, or manipulate security controls to evade detection. Exploitation requires minimal technical skill and gives threat actors substantial operational advantages, which makes the flaw particularly dangerous in environments where local user access is not strictly controlled.

Organizations should apply immediate mitigations: remove the excessive permissions from the Seqrite installation directory and apply access control lists that restrict file system modifications to authorized administrative accounts only. The recommended solution is to review and tighten the permission model on the %PROGRAMFILES%\Seqrite\Seqrite directory so that only necessary accounts have write access. In addition, application whitelisting policies and regular security audits can help detect and prevent unauthorized modifications to critical system components. The vulnerability highlights the importance of security best practices such as the principle of least privilege and proper file system access control management, in line with established frameworks like the NIST SP 800-53 control families that emphasize access control and system configuration management.
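The permission review described above can be scripted. The following PowerShell audit is an added example, not code from Seqrite, MITRE or VulDB; it lists Allow entries that give broad groups write-capable rights anywhere under the install directory. The default path, the choice of broad groups and the function name Get-BroadWriteAce are assumptions made for this example.

```powershell
# Audit an install tree for write-capable ACEs granted to broad groups.
# Assumption: the default install path below; pass -Path to override it.
param(
    [string]$Path = (Join-Path $env:ProgramFiles 'Seqrite\Seqrite')
)

# Well-known SIDs, so the check does not depend on the OS display language.
$broadSids = @{
    'S-1-1-0'      = 'Everyone'
    'S-1-5-11'     = 'Authenticated Users'
    'S-1-5-32-545' = 'BUILTIN\Users'
}

# Rights that allow replacing or tampering with a file, plus GENERIC_ALL
# (0x10000000) and GENERIC_WRITE (0x40000000), which inherit-only ACEs
# can carry instead of file-specific rights.
$specific = [int][System.Security.AccessControl.FileSystemRights]'Write, Delete, DeleteSubdirectoriesAndFiles, ChangePermissions, TakeOwnership'
$writeMask = $specific -bor 0x10000000 -bor 0x40000000

# Hypothetical helper: returns one object per risky ACE on a single path.
function Get-BroadWriteAce {
    param([Parameter(Mandatory)][string]$LiteralPath)

    $acl = Get-Acl -LiteralPath $LiteralPath
    $sidType = [System.Security.Principal.SecurityIdentifier]
    # Explicit and inherited rules, with identities returned as SIDs.
    foreach ($rule in $acl.GetAccessRules($true, $true, $sidType)) {
        $sid = $rule.IdentityReference.Value
        if ($rule.AccessControlType -ne 'Allow') { continue }
        if (-not $broadSids.ContainsKey($sid)) { continue }
        if (([int]$rule.FileSystemRights -band $writeMask) -eq 0) { continue }
        [pscustomobject]@{
            Path      = $LiteralPath
            Principal = $broadSids[$sid]
            Rights    = $rule.FileSystemRights
            Inherited = $rule.IsInherited
        }
    }
}

if (-not (Test-Path -LiteralPath $Path)) {
    Write-Warning "Path not found: $Path"
    return
}

# Check the directory itself, then every file and subdirectory beneath it.
$children = Get-ChildItem -LiteralPath $Path -Recurse -Force -ErrorAction SilentlyContinue
$items = @($Path) + @($children | Select-Object -ExpandProperty FullName)
$findings = @($items | ForEach-Object { Get-BroadWriteAce -LiteralPath $_ })
if ($findings.Count -eq 0) { 'No write-capable ACEs for broad groups found.' }
$findings | Sort-Object Path, Principal | Format-Table -AutoSize -Wrap
```

An entry with Inherited set to False is set on that item directly; inherited entries have to be corrected on the parent that defines them.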

Reservation: 09/28/2018

Disclosure: 10/08/2018

Moderation: accepted

CPE: ready

Exploit: Download

EPSS: 0.00182

KEV: no

Activities: very low
