KLA11105
A vulnerability in CCleaner and CCleaner Cloud
Updated: 09/10/2018
CVSS
?
7.5
Detect date
?
09/18/2017
Severity
?
Critical
Description

A vulnerability was found in CCleaner and CCleaner Cloud. This vulnerability can be exploited remotely to obtain sensitive information or execute arbitrary code.



Technical details

An unauthorized modification of the CCleaner.exe binary resulted in an insertion of a two-stage backdoor capable of running code received from a remote IP address on affected systems.

This vulnerability affects only 32-bit Windows systems.

NB: This vulnerability does not have any public CVSS rating.

Affected products

CCleaner version 5.33.6162 and CCleaner Cloud version 1.07.3191 on 32-bit Windows systems

Solution

Update to the latest version
Download CCleaner

Original advisories

Security Notification for CCleaner v5.33.6162 and CCleaner Cloud v1.07.3191 for 32-bit Windows users

Related products
CCleaner