53 lines
No EOL
1.8 KiB
Text
53 lines
No EOL
1.8 KiB
Text
|
||
Spybot Search & Destroy 1.6.2 Security Center Service Privilege Escalation
|
||
|
||
|
||
Vendor: Safer-Networking Ltd.
|
||
Product web page: http://www.safer-networking.org
|
||
Affected version: 1.6.2
|
||
|
||
Summary: Spybot – Search & Destroy (S&D) is a spyware and adware removal
|
||
computer program compatible with Microsoft Windows 95 and later. It scans
|
||
the computer hard disk and/or RAM for malicious software.
|
||
|
||
Desc: The application suffers from an unquoted search path issue impacting
|
||
the service 'SBSDWSCService' for Windows deployed as part of Spybot S&D.
|
||
This could potentially allow an authorized but non-privileged local
|
||
user to execute arbitrary code with elevated privileges on the system. A
|
||
successful attempt would require the local user to be able to insert their
|
||
code in the system root path undetected by the OS or other security applications
|
||
where it could potentially be executed during application startup or reboot.
|
||
If successful, the local user’s code would execute with the elevated privileges
|
||
of the application.
|
||
|
||
Tested on: Microsoft Windows Ultimate 7 SP1 (EN)
|
||
|
||
|
||
Vulnerability discovered by Aljaz Ceru
|
||
aljaz@insec.si
|
||
|
||
|
||
Advisory ID: ZSL-2015-5237
|
||
Advisory URL: http://www.zeroscience.mk/en/vulnerabilities/ZSL-2015-5237.php
|
||
|
||
|
||
17.02.2015
|
||
|
||
---
|
||
|
||
|
||
C:\Users\user>sc qc SBSDWSCService
|
||
[SC] QueryServiceConfig SUCCESS
|
||
|
||
SERVICE_NAME: SBSDWSCService
|
||
TYPE : 10 WIN32_OWN_PROCESS
|
||
START_TYPE : 2 AUTO_START
|
||
ERROR_CONTROL : 1 NORMAL
|
||
BINARY_PATH_NAME : C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
|
||
LOAD_ORDER_GROUP :
|
||
TAG : 0
|
||
DISPLAY_NAME : SBSD Security Center Service
|
||
DEPENDENCIES : wscsvc
|
||
SERVICE_START_NAME : LocalSystem
|
||
|
||
C:\Users\user> |