65 matches found
CVE-2017-20201
CCleaner v5.33.6162 and CCleaner Cloud v1.07.3191 32-bit builds contained a malicious pre-entry-point loader that diverts execution from scrtcommonmainseh into a custom loader. That loader decodes an embedded blob into shellcode, allocates executable heap memory, resolves Windows API functions at...
CVE-2017-20201
CCleaner v5.33.6162 and CCleaner Cloud v1.07.3191 32-bit builds contained a malicious pre-entry-point loader that diverts execution from scrtcommonmainseh into a custom loader. That loader decodes an embedded blob into shellcode, allocates executable heap memory, resolves Windows API functions at...
CVE-2017-20201 CCleaner v5.33.6162 & CCleaner Cloud v1.07.3191 Malicious Backdoor Supply Chain Compromise
CCleaner v5.33.6162 and CCleaner Cloud v1.07.3191 32-bit builds contained a malicious pre-entry-point loader that diverts execution from scrtcommonmainseh into a custom loader. That loader decodes an embedded blob into shellcode, allocates executable heap memory, resolves Windows API functions at...
EUVD-2025-33278
CCleaner v5.33.6162 and CCleaner Cloud v1.07.3191 32-bit builds contained a malicious pre-entry-point loader that diverts execution from scrtcommonmainseh into a custom loader. That loader decodes an embedded blob into shellcode, allocates executable heap memory, resolves Windows API functions at...
CVE-2017-20201 CCleaner v5.33.6162 & CCleaner Cloud v1.07.3191 Malicious Backdoor Supply Chain Compromise
CCleaner v5.33.6162 and CCleaner Cloud v1.07.3191 32-bit builds contained a malicious pre-entry-point loader that diverts execution from scrtcommonmainseh into a custom loader. That loader decodes an embedded blob into shellcode, allocates executable heap memory, resolves Windows API functions at...
CCleaner和CCleaner Cloud 安全漏洞
CCleaner and CCleaner Cloud are both products of CCleaner, a UK-based company.CCleaner is a system cleaner and optimizer.CCleaner Cloud is a cloud-based system cleaner and optimizer. A security vulnerability exists in CCleaner version v5.33.6162 and CCleaner Cloud version v1.07.3191, which...
PT-2025-41312
Name of the Vulnerable Software and Affected Versions CCleaner versions 5.33.6162 CCleaner Cloud versions 1.07.3191 Description CCleaner and CCleaner Cloud contained a malicious pre-entry-point loader that redirects execution to a custom loader. This loader decodes an embedded blob into shellcode...
EUVD-2015-4029
Malware in sbrugna...
EUVD-2025-29181
Malicious code in bioql PyPI...
Gen Digital CCleaner Link Following Local Privilege Escalation Vulnerability
This vulnerability allows local attackers to escalate privileges on affected installations of Gen Digital CCleaner. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. Some interaction on the part of an administrato...
CVE-2025-3025
Elevation of Privileges in the cleaning feature of Gen Digital CCleaner version 6.33.11465 on Windows allows a local user to gain SYSTEM privileges via exploiting insecure file delete operations. Reported in CCleaner v. 6.33.11465. This issue affects CCleaner: before 6.36.11508...
CVE-2025-3025
Elevation of Privileges in the cleaning feature of Gen Digital CCleaner version 6.33.11465 on Windows allows a local user to gain SYSTEM privileges via exploiting insecure file delete operations. Reported in CCleaner v. 6.33.11465. This issue affects CCleaner: before 6.36.11508...
CVE-2025-3025
Gen Digital CCleaner for Windows is affected by CVE-2025-3025 through insecure file deletion in the Cleaning feature. The root cause is unsafe deletion operations that enable a local user to escalate to SYSTEM privileges (reported on CCleaner v6.33.11465; affected before v6.36.11508). Exploitatio...
CVE-2025-3025 CCleaner Link Following Local Privilege Escalation Vulnerability
Elevation of Privileges in the cleaning feature of Gen Digital CCleaner version 6.33.11465 on Windows allows a local user to gain SYSTEM privileges via exploiting insecure file delete operations. Reported in CCleaner v. 6.33.11465. This issue affects CCleaner: before 6.36.11508...
CVE-2025-3025 CCleaner Link Following Local Privilege Escalation Vulnerability
Elevation of Privileges in the cleaning feature of Gen Digital CCleaner version 6.33.11465 on Windows allows a local user to gain SYSTEM privileges via exploiting insecure file delete operations. Reported in CCleaner v. 6.33.11465. This issue affects CCleaner: before 6.36.11508...
PT-2025-37479
Name of the Vulnerable Software and Affected Versions Gen Digital CCleaner versions prior to 6.36.11508 Description A local user can gain SYSTEM privileges through insecure file delete operations within the cleaning feature on Windows. Recommendations Update to version 6.36.11508 or later...
Gen Digital CCleaner 安全漏洞
Gen Digital CCleaner is a system optimization and cleanup tool from Gen Digital USA. A security vulnerability exists in Gen Digital CCleaner versions prior to 6.36.11508, which stems from an unsafe file deletion operation in the cleanup function that could lead to a local user gaining SYSTEM...
Avast, NordVPN Breaches Tied to Phantom User Accounts
Antivirus and security giant Avast and virtual private networking VPN software provider NordVPN each today disclosed months-long network intrusions that -- while otherwise unrelated -- shared a common cause: Forgotten or unknown user accounts that granted remote access to internal systems with...
Avast Network Breached As Hackers Target CCleaner Again
Czech antivirus vendor Avast on Monday warned that hackers were able to access its internal network using a temporary VPN account. Avast said that it believes that the intrusion, first detected on Sept. 25, was likely targeting its CCleaner business in a supply chain attack. CCleaner, which is...
A week in security (September 23 – 29)
Last week on Labs, we highlighted an Emotet campaign using Snowden’s new book as a lure, discussed how 15,000 webcams are vulnerable to attack, how insurance data security laws skirt political turmoil, and how the new iOS exploit checkm8 allows permanent compromise of iPhones. Other cybersecurity...