AntiVir PersonalEdition Classic: Local Privilige Escalation

2006.03.12
Risk: Medium
Local: Yes
Remote: No
CWE: CWE-Other


CVSS Base Score: 7.2/10
Impact Subscore: 10/10
Exploitability Subscore: 3.9/10
Exploit range: Local
Attack complexity: Low
Authentication: No required
Confidentiality impact: Complete
Integrity impact: Complete
Availability impact: Complete

Application: AntiVir PersonalEdition Classic Site: http://www.free-av.de/ Version: 7 and maybe lower OS: Windows XP, Windows 2000 Bugs: Local Privilige Escalation Product: ===== AntiVir PersonalEdition Classic Windows from Avira GmbH protects your computer from viruses, malware, unwanted programs and other dangers. About: ===== A few days ago I discovered a little 'Local Privilege Escalation' Bug in the current version of AntiVir PersonalEdition Classic. Description: ===== Part of AntiVir PersonalEdition Classic is a service called 'AntiVir PersonalEdition Classic Planer' which runs with SYSTEM rights. If you start the update process using the GUI, AntiVir will show you a status window. After finishing the process AntiVir offers you a report. Open the report using the button 'Report' and AntiVir will open the report in the well known application 'notepad.exe'. Well, since the update was initiated by the service 'AntiVir PersonalEdition Classic Planer', which runs with SYSTEM rights, notepad.exe inherits these rights now. Use 'notepad.exe' to *run* 'compmgmt.msc' for example and... Well, you know what might happen now. History: ===== 2006-03-04: Found the Bug and mailed Vendor 2006-03-05: Response from vendor, checking the problem 2006-03-09: Response from vendor, fix is on the way. ports -- SYS 64767


Vote for this issue:
50%
50%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}

Copyright 2019, cxsecurity.com

 

Back to Top