CVE-2018-10716
Description
An issue was discovered in Shanghai 2345 Security Guard 3.7.0. 2345MPCSafe.exe, 2345SafeTray.exe, and 2345Speedup.exe allow local users to bypass intended process protections, and consequently terminate processes, because WM_CLOSE is not properly considered.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Local users can terminate protected processes in 2345 Security Guard 3.7.0 by sending WM_CLOSE messages, bypassing intended process protections.
Vulnerability
The vulnerability resides in Shanghai 2345 Security Guard version 3.7.0. The executables 2345MPCSafe.exe, 2345SafeTray.exe, and 2345Speedup.exe do not properly handle the WM_CLOSE message, allowing local users to bypass intended process protections. Affected versions: 3.7.0.
Exploitation
An attacker with local access can send a WM_CLOSE message to the target process using standard Windows API calls. No special privileges are required beyond local user access. A proof-of-concept is available in the referenced GitHub repository [1].
Impact
Successful exploitation allows a local user to terminate the protected processes, which may disrupt the security guard's functionality. This could lead to denial of service or bypass of security monitoring.
Mitigation
As of the publication date (2018-05-03), no official patch has been disclosed. Users should consider upgrading to a newer version if available, or restrict local access to trusted users. The vendor (Shanghai 2345) may have released updates after this date; check for the latest version.
AI Insight generated on May 26, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
1- Range: =3.7.0
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
News mentions
0No linked articles in our index yet.