Cloud Vulnerability DB
A community-led vulnerabilities database
Vulnerability DatabaseCVE-2020-15724
CVE-2020-15724:
360 Total Security vulnerability analysis and mitigation
Overview
In version 12.1.0.1005 and below of 360 Total Security, a local privilege escalation vulnerability exists when the Gamefolde calls GameChrome.exe. This vulnerability was discovered between May and June 2020 and was assigned CVE-2020-15724 (360 Security, NVD).
Technical details
The vulnerability occurs when the Gamefolde component calls GameChrome.exe. The specific issue allows attackers to exploit DLL hijacking to bypass the HIPS (Host Intrusion Prevention System) protection mechanism (360 Security).
Impact
If successfully exploited, this vulnerability allows an attacker to execute arbitrary code on the local system with elevated privileges (360 Security, NVD).
Mitigation and workarounds
Users should upgrade to a version newer than 12.1.0.1005 of 360 Total Security to address this vulnerability (360 Security).
Community reactions
The vulnerability was responsibly disclosed by a security researcher known as "Windows no bugs" to 360 Security Response Center. The company awarded the researcher as part of their bug bounty program and issued a CVE for tracking the vulnerability (360 Security).
Additional resources
Source: This report was generated using AI
Related 360 Total Security vulnerabilities:
Free Vulnerability Assessment
Benchmark your Cloud Security Posture
Evaluate your cloud security practices across 9 security domains to benchmark your risk level and identify gaps in your defenses.
Additional Wiz resources
Get a personalized demo
Ready to see Wiz in action?
"Best User Experience I have ever seen, provides full visibility to cloud workloads."
David EstlickCISO
"Wiz provides a single pane of glass to see what is going on in our cloud environments."
Adam FletcherChief Security Officer
"We know that if Wiz identifies something as critical, it actually is."
Greg PoniatowskiHead of Threat and Vulnerability Management