ESTsoft ALUpdate 8.5.1.0.0 Privilege Escalation

2014.10.29
Risk: Medium
Local: Yes
Remote: No
CWE: CWE-264


Ogólna skala CVSS: 4.6/10
Znaczenie: 6.4/10
Łatwość wykorzystania: 3.9/10
Wymagany dostęp: Lokalny
Złożoność ataku: Niska
Autoryzacja: Nie wymagana
Wpływ na poufność: Częściowy
Wpływ na integralność: Częściowy
Wpływ na dostępność: Częściowy

# Title: ESTsoft ALUpdate Privilege Escalation Vulnerablity # Version: 8.5.1.0.0 # Tested on: Windows XP SP2 en # Vendor: http://www.altools.com/ # E-Mail: osanda[at]unseen.is # Author: Osanda Malith Jayathissa # /!\ Author is not responsible for any damage you cause # Use this material for educational purposes only # CVE: CVE-2014-8494 - Description ============== The "ALUpdate" folder and the "ALUpdate.exe" has been granted with full permissions to the "Users" group. Any user other than the administrator could plant malware or bind malware to the original EXE file. This is valid to any software you download from the vendor. - Proof of Concept =================== C:\Program Files\ESTsoft>cacls ALUpdate C:\Program Files\ESTsoft\ALUpdate BUILTIN\Users:(OI)(CI)F NT SERVICE\TrustedInstaller:(ID)F NT SERVICE\TrustedInstaller:(CI)(IO)(ID)F NT AUTHORITY\SYSTEM:(ID)F NT AUTHORITY\SYSTEM:(OI)(CI)(IO)(ID)F BUILTIN\Administrators:(ID)F BUILTIN\Administrators:(OI)(CI)(IO)(ID)F BUILTIN\Users:(ID)R BUILTIN\Users:(OI)(CI)(IO)(ID)(special access:) GENERIC_READ GENERIC_EXECUTE CREATOR OWNER:(OI)(CI)(IO)(ID)F C:\Program Files\ESTsoft>cd ALUpdate C:\Program Files\ESTsoft\ALUpdate>cacls ALUpdate.exe C:\Program Files\ESTsoft\ALUpdate\ALUpdate.exe BUILTIN\Users:(ID)F NT AUTHORITY\SYSTEM:(ID)F BUILTIN\Administrators:(ID)F


Vote for this issue:
50%
50%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}

Copyright 2024, cxsecurity.com

 

Back to Top