Bug: NOD32 local privilege escalation vulnerability (WLB-2006040007 Ascii Version)

	WLB2
Full List

Bugs

Bogus

Tricks

Exploits

	CVE MAP
Full List

Vendors

Products

	Tools
CWE Dictionary

Google Hacking

	Search
General

CVE

CWE

	RSS
Full List

Bugs

Exploits

Dorks

	Information
Our services

Add note

About



	Submit
To add a note, use this form or send email to submit@cxsecurity.com When contacting via email, we recommend coded messages. Get our PGP public key

Topic:	NOD32 local privilege escalation vulnerability
Credit:	visitbipin hotmail com
Date:	2006.04.04
CWE:	N/A
CVE:	CVE-2006-1649 (Show details) Use CVE to see details like: - CVSS2, - Affected Software, - References

Risk	Local		Remote
Low	Yes		No

NOD32 local privilege escalation vulnerability

Not affected: > Version 2.51.26
Tested on: Winxp sp2
Risk: Average

To escalate the system privilage, the option 'quarentine a file' in NOD32 can be exploited & a malicious file can be
copied to the quarentine and using the 'restore to...' option it can be dropped to the directory in which the STSTEM
user just had read-only permession.

Note: from lower privilege, this trick can write a file to any directory in which the user has read-only access to but
can't overwrite a file if the file-name already exists.

Vendor Website: www.eset.com
Vender reported: Mar 24, 2006
Patch release: Apr 4, 2006 (Version 2.51.26)

POC video & detail description: http://bipin.securityhead.com/NOD32.zip

--

Bipin Gautam
http://bipin.tk

[ ASCII VERSION ]

Bug: NOD32 local privilege escalation vulnerability (WLB-2006040007 Ascii Version)

use this form