CVE-2020-15723: 
360 Total Security vulnerability analysis and mitigation

In the version 12.1.0.1004 and below of 360 Total Security, when the main process of 360 Total Security calls GameChrome.exe, there exists a local privilege escalation vulnerability. The vulnerability was discovered and reported between May and June 2020, and was publicly disclosed on July 21, 2020. This vulnerability affects 360 Total Security software versions 12.1.0.1004 and below (360 Security News).

The vulnerability allows an attacker to perform DLL hijacking to bypass the HIPS (Host Intrusion Prevention System) protection mechanism. When the main process of 360 Total Security calls GameChrome.exe, the application fails to properly validate the loading of DLL files, creating a security weakness that can be exploited (360 Security News).

A successful exploitation of this vulnerability could allow an attacker to execute arbitrary code on the local system with elevated privileges. The vulnerability requires local access to the system to exploit (360 Security News).

The vulnerability has been patched in versions after 12.1.0.1004. Users are advised to update their 360 Total Security software to the latest version to protect against this vulnerability. As of the disclosure date, no information leakage or losses were reported due to this vulnerability (360 Security News).

The vulnerability was responsibly disclosed by a security researcher identified as "Windows no bugs" who provided detailed reports including discovery methods, vulnerability locations, and exploitation techniques with video demonstrations. The vendor acknowledged the researcher's contribution with a monetary reward of $2,100 USD (360 Security News).