Allock Video to Ipod converter - Insecure File Permissions

2018.08.10
ZwX (FR)
Risk: Low
Local: Yes
Remote: No
CVE: N/A
CWE: N/A

=====================================================
[#] Exploit Title : Allock Video to Ipod converter - Insecure File Permissions
[#] Date Discovered : 2018-08-09
[#] Affected Product(s): Allock Video to Ipod converter v6.2.1217 - Software
[#] Exploitation Technique: Local
[#] Severity Level: Low
[#] Tested OS : Windows 7
=====================================================

[#] Product & Service Introduction:
===================================
Allok 3GP PSP MP4 iPod Video Converter contains Video to 3GP Converter, Video to PSP Converter, Video to PS3 Converter, Video to MP4 Converter, Video to iPod Converter, Video to Zune Converter, Video to Xbox Converter. It is an AVI/3GP/MP4 file conversion tool for your portable media player (MP4 player), iPod, Apple TV, PSP, PS3, Zune, Xbox360, Archos, Cellular Phone, Pocket PC, Palm etc. Integrated world class MPEG4/H264 encoder brings you amazing video quality with super fast conversion speed.

(Copy of the Vendor Homepage: http://www.alloksoft.com/ )

[#] Technical Details & Description:
====================================
An Insecure File Permissions vulnerability has been discovered in the official WampServer v3.0.6 software.
The vulnerability exists due to insecure default permissions set on 'Allok Video to iPod Converter.exe', 'avep.exe' and 'unins000.exe'.
A local attacker could exploit this vulnerability by replacing 'Allok Video to iPod Converter.exe', 'avep.exe' or 'unins000.exe' with a malicious executable file.
The malicious file could then be executed, or make modifications, with the LocalSystem permissions.

Proof of Concept (PoC):
=======================
Allok Video to iPod Converter for Windows contains a vulnerability that could allow a local attacker to gain elevated privileges.

-- PoC Session Logs (Permissions) --

C:\Program Files\Allok Video to iPod Converter>icacls *.exe
Allok Video to iPod Converter.exe Tout le monde:(I)(F)   <- permissions
                                  AUTORITE NT\Système:(I)(F)
                                  BUILTIN\Administrateurs:(I)(F)
                                  BUILTIN\Utilisateurs:(I)(RX)

avep.exe Tout le monde:(I)(F)   <- permissions
         AUTORITE NT\Système:(I)(F)
         BUILTIN\Administrateurs:(I)(F)
         BUILTIN\Utilisateurs:(I)(RX)

unins000.exe Tout le monde:(I)(F)   <- permissions
             AUTORITE NT\Système:(I)(F)
             BUILTIN\Administrateurs:(I)(F)
             BUILTIN\Utilisateurs:(I)(RX)

3 fichiers correctement traités ; échec du traitement de 0 fichiers

Solution - Fix & Patch:
=======================
Include multiple integrity checks for the software files on startup and during the static runtime.
Change the access permissions for the process of all three executable files ('Allok Video to iPod Converter.exe', 'avep.exe' and 'unins000.exe').

[+] Disclaimer [+]
===================
Permission is hereby granted for the redistribution of this advisory, provided that it is not altered except by reformatting it, and that due credit is given. Permission is explicitly given for insertion in vulnerability databases and similar, provided that due credit is given to the author. The author is not responsible for any misuse of the information contained herein and prohibits any malicious use of all security related information or exploits by the author or elsewhere.

Contact: msk4@live.fr
Social: twitter.com/ZwX2a
Advisory: www.vulnerability-lab.com/show.php?user=ZwX
packetstormsecurity.com/files/author/12026/
cxsecurity.com/search/author/DESC/AND/FIND/0/10/ZwX/
0day.today/author/27461
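
The permission check from the PoC session above, as an added example that is not part of the original advisory: a PowerShell script (version 3.0 or later assumed) that lists executables whose ACL grants write-class rights to broad groups. It matches well-known SIDs instead of group names, so it gives the same result on localized systems such as the French one in the log; the default path is taken from the PoC session and the variable names are illustrative.

```powershell
# Added example: audit *.exe files for write access granted to broad groups.
param(
    # Assumption: install directory as shown in the PoC session on this page.
    [string]$Path = 'C:\Program Files\Allok Video to iPod Converter'
)

# Well-known SIDs are locale-independent ("Tout le monde" is S-1-1-0).
$broadSids = @{
    'S-1-1-0'      = 'Everyone'
    'S-1-5-11'     = 'Authenticated Users'
    'S-1-5-32-545' = 'BUILTIN\Users'
}

# Rights that allow replacing the file, changing its content or its ACL.
# Full control (F) and Modify (M) both include bits from this mask.
$writeMask = [System.Security.AccessControl.FileSystemRights]`
    'WriteData, AppendData, Delete, ChangePermissions, TakeOwnership'

Get-ChildItem -LiteralPath $Path -Filter *.exe -File | ForEach-Object {
    $file = $_
    $acl  = Get-Acl -LiteralPath $file.FullName

    # Ask for SIDs directly: explicit and inherited entries are both included.
    $rules = $acl.GetAccessRules($true, $true,
        [System.Security.Principal.SecurityIdentifier])

    foreach ($ace in $rules) {
        if ($ace.AccessControlType -ne 'Allow') { continue }
        $sid = $ace.IdentityReference.Value
        if (-not $broadSids.ContainsKey($sid)) { continue }

        # Flag the entry if any write-class bit is granted.
        if (([int]$ace.FileSystemRights -band [int]$writeMask) -ne 0) {
            [pscustomobject]@{
                File      = $file.Name
                Principal = $broadSids[$sid]
                Rights    = $ace.FileSystemRights
                Inherited = $ace.IsInherited
            }
        }
    }
}
```

Every entry in the log carries (I), meaning the grant is inherited from the parent folder, so the correction belongs on the folder's ACL and not on each file individually.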


Copyright 2018, cxsecurity.com

 
