CVE-2020-15723 in 360 Total Securityinfo

Summary

by MITRE

In the version 12.1.0.1004 and below of 360 Total Security, when the main process of 360 Total Security calls GameChrome.exe, there exists a local privilege escalation vulnerability. An attacker who could exploit DLL hijacking to bypass the hips could execute arbitrary code on the Local system.

Be aware that VulDB is the high quality source for vulnerability data.

Analysis

by VulDB Data Team • 07/22/2020

The vulnerability CVE-2020-15723 represents a critical local privilege escalation flaw within 360 Total Security version 12.1.0.1004 and earlier releases. This weakness arises from the insecure execution practices of the main security process when invoking the GameChrome.exe component. The vulnerability stems from improper handling of dynamic link library loading sequences, creating opportunities for malicious code injection through DLL hijacking techniques that bypass existing security mechanisms. The flaw specifically manifests when the primary 360 Total Security process launches GameChrome.exe, establishing a privileged execution context that can be exploited by adversaries with local access.

The technical implementation of this vulnerability involves a classic DLL hijacking attack vector where malicious libraries are loaded in place of legitimate ones during the execution chain. When the main 360 process calls GameChrome.exe, the system searches for required DLL dependencies in predictable locations without proper validation of the library sources. This behavior creates an attack surface where an attacker can place a malicious DLL in the search path, causing the system to execute unauthorized code with elevated privileges. The vulnerability operates at the operating system level, leveraging Windows DLL loading mechanisms and the trust model that allows processes to load libraries from specified directories without cryptographic verification.

The operational impact of this vulnerability extends beyond simple code execution, as it provides attackers with complete system compromise capabilities. Once exploited, the malicious code runs with the privileges of the 360 Total Security process, which typically operates with elevated permissions to perform system-level security functions. This privilege escalation allows adversaries to modify system files, install persistent backdoors, access sensitive user data, and potentially establish footholds for further lateral movement within network environments. The vulnerability affects systems where 360 Total Security is installed with administrative privileges, making it particularly dangerous in enterprise environments where security software often runs with elevated permissions.

Mitigation strategies for CVE-2020-15723 focus on both immediate remediation and long-term architectural improvements. The most effective immediate solution involves updating to 360 Total Security version 12.1.0.1005 or later, which addresses the insecure DLL loading behavior through proper library validation and secure path resolution. Organizations should also implement application whitelisting policies to restrict execution of unauthorized binaries, employ process monitoring to detect suspicious DLL loading patterns, and conduct regular security audits of installed security software. From a defensive perspective, this vulnerability aligns with ATT&CK technique T1055 for process injection and T1068 for local privilege escalation, while the underlying DLL hijacking mechanism corresponds to CWE-426. System administrators should also consider implementing the principle of least privilege for security software installations and regularly review installed applications for known vulnerabilities through vulnerability management programs.

Reservation

07/14/2020

Moderation

accepted

CPE

ready

EPSS

0.00478

KEV

no

Activities

very low

Sources

Want to know what is going to be exploited?

We predict KEV entries!