Adobe related service (getPlus_HelperSvc.exe) local elevation of privileges

2009-07-21 / 2012-01-30
Credit: Nine:Situations:Group
Risk: Medium
Local: No
Remote: Yes
CVE: CVE-2009-2564
CWE: CWE-264


CVSS Base Score: 7.2/10
Impact Subscore: 10/10
Exploitability Subscore: 3.9/10
Exploit range: Local
Attack complexity: Low
Authentication: No required
Confidentiality impact: Complete
Integrity impact: Complete
Availability impact: Complete

Adobe related service (getPlus_HelperSvc.exe) local elevation of privileges by Nine:Situations:Group description: Adobe downloader used to download updates for Adobe applications. Shipped with Acrobat Reader 9.x vendor: Nos Microsystems poc: C:\>sc qc "getPlus(R) Helper" [SC] GetServiceConfig SUCCESS SERVICE_NAME: getPlus(R) Helper TYPE : 110 WIN32_OWN_PROCESS (interactive) START_TYPE : 3 DEMAND_START ERROR_CONTROL : 1 NORMAL BINARY_PATH_NAME : C:\Programmi\NOS\bin\getPlus_HelperSvc.exe LOAD_ORDER_GROUP : TAG : 0 DISPLAY_NAME : getPlus(R) Helper DEPENDENCIES : RPCSS SERVICE_START_NAME : LocalSystem C:\>cacls "C:\Programmi\NOS\bin\getPlus_HelperSvc.exe" C:\Programmi\NOS\bin\getPlus_HelperSvc.exe BUILTIN\Users:F <-------------- [!!!] NT AUTHORITY\SYSTEM:F The executable files is installed with improper permissions, with "full control" for Builtin Users; a simple user can replace it with a binary of choice. At the next reboot it will run with SYSTEM privileges. original url: http://retrogod.altervista.org/9sg_adobe_local.html

References:

http://retrogod.altervista.org/9sg_adobe_local.html


See this note in RAW Version
Vote for this issue:
50%
50%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}
Copyright 2024, cxsecurity.com

 

Back to Top