ESTsoft ALTools Updater Insecure File Permissions Privilege Escalation

2016.09.30

zaeek (PL)

Risk: Medium

Local: Yes

Remote: No

CVE: N/A

CWE: N/A

# Exploit Title: ESTsoft ALTools Updater Insecure File Permissions Privilege Escalation
# Date: 26/09/2016
# Exploit Author: zaeek@protonmail.com
# Vendor Homepage: http://www.estsoft.com/
# Version: 10.4.26.1
# Tested on: Windows 7 32/64bit

====Description====

ESTsoft ALTools Updater for Windows lacks of proper file permissions, creating a vector for privilege escalation attack.
To properly exploit this vulnerability, the local attacker must overwrite the vulnerable file(s) with his malicious ones, as he has full Read/Write rights to the given file.

====Proof-of-Concept====

C:\Program Files\ESTsoft\ALUpdate>icacls ALUpdate.exe
ALUpdate.exe BUILTIN\Users:(I)(F)
             NT AUTHORITY\SYSTEM:(I)(F)
             BUILTIN\Administrators:(I)(F)

Successfully processed 1 files; Failed processing 0 files

See this note in RAW Version

Vote for this issue:

50%

Thanks for you vote!

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.

Nick (*)

Email (*)

Video

Text (*)

(*) - required fields.

{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1

{{ x.comment }}

ESTsoft ALTools Updater Insecure File Permissions Privilege Escalation

Thanks for you vote!

Thanks for you comment!Your message is in quarantine 48 hours.

Thanks for you comment!
Your message is in quarantine 48 hours.