CVE-2018-15491

EUVD-2018-7369
A vulnerability in the permission and encryption implementation of Zemana Anti-Logger 1.9.3.527 and prior (fixed in 1.9.3.602) allows an attacker to take control of the whitelisting feature (MyRules2.ini under %LOCALAPPDATA%\Zemana\ZALSDK) to permit execution of unauthorized applications (such as ones that record keystrokes).
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
7.5 HIGH
NETWORK
LOW
NONE
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: 45%
Affected Products (NVD)
VendorProductVersion
zemanaantilogger
𝑥
< 1.9.3.602
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://github.com/mspaling/zemana-exclusions-poc/blob/master/zemana-whitelist-poc.txt
https://exchange.xforce.ibmcloud.com/vulnerabilities/148554
https://github.com/mspaling/zemana-exclusions-poc/blob/master/zemana-whitelist-poc.txt