SUPERAntiSpyware Professional X Trial Privilege Escalation

2020.08.28
Credit: b1nary
Risk: Medium
Local: Yes
Remote: No
CVE: N/A
CWE: CWE-264

# Exploit Title: SUPERAntiSpyware Professional X Trial < 10.0.1206 Local Privilege Escalation # Date: 2020-08-28 # Exploit Author: b1nary # Vendor Homepage: https://www.superantispyware.com/ # Software Link: https://www.superantispyware.com/downloadfile.html?productid=SUPERANTISPYWARE # Version: 10.0.1206 (lower versions are affected as well) # Vulnerability Description SUPERAntiSpyware Professional X Trial versions prior to 10.0.1206 are vulnerable to local privilege escalation because it allows unprivileged users to restore quarantined files to a privileged location through a NTFS directory junction. # Proof of Concept 1. Place a dll payload in an empty folder 2. Scan the payload with the SUPERAntiSpyware Professional X Trial in order to get it detected. 3. Once it is detected and moved to quarantine, create a NTFS directory junction. 4. Restore the payload and reboot the system. Full PoC video: https://www.youtube.com/watch?v=jdcqbev-H5I # References https://bogner.sh/2017/11/avgater-getting-local-admin-by-abusing-the-anti-virus-quarantine/


Vote for this issue:
0%
100%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}

Copyright 2020, cxsecurity.com

 

Back to Top