33 lines
No EOL
1.1 KiB
Text
33 lines
No EOL
1.1 KiB
Text
source: https://www.securityfocus.com/bid/25493/info
|
|
|
|
Multiple MicroWorld eScan products are vulnerable to a local privilege-escalation vulnerability because of insecure default file permissions.
|
|
|
|
Attackers can exploit this issue to execute arbitrary code with SYSTEM-level privileges. Successful attacks will completely compromise affected computers.
|
|
|
|
The following are vulnerable:
|
|
|
|
eScan Internet Security 9.0.722.1
|
|
eScan Virus Control 9.0.722.1
|
|
eScan AntiVirus 9.0.722.1
|
|
|
|
UPDATE (September 4, 2008): The following additional products have been reported as vulnerable:
|
|
|
|
eScan Corporate 9.0.x
|
|
eScan Professional 9.0.x
|
|
eScan Workstation Server 9.0.x
|
|
eScan Web and Mail Filter 9.0.x
|
|
MailScan for Mail-Server 5.6a
|
|
MailScan for SMTP Server 5.6a
|
|
X-Spam for SMTP Servers 5.6a
|
|
|
|
Other versions and software packages may also be affected.
|
|
|
|
- logon as LUA user
|
|
- rename traysser.exe to traysser.exe.BAK
|
|
- copy program.exe to eScan installation directory
|
|
- rename program.exe to traysser.exe
|
|
- restart the computer
|
|
- "rootshell" ;)
|
|
|
|
NOTE: traysser.exe is eScan Server Updater Service that
|
|
runs as NT AUTHORITY\SYSTEM. |