lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Message-ID: <4412D104.6010503@portsonline.net>
Date: Sat, 11 Mar 2006 14:30:44 +0100
From: Ramon 'ports' Kukla <ml2@...tsonline.net>
To: bugtraq@...urityfocus.com
Subject: AntiVir PersonalEdition Classic: Local Privilige Escalation


Application: AntiVir PersonalEdition Classic
Site:        http://www.free-av.de/
Version:     7 and maybe lower
OS:          Windows XP, Windows 2000
Bugs:        Local Privilige Escalation


Product:
=====
AntiVir PersonalEdition Classic Windows from Avira GmbH protects your
computer from viruses, malware, unwanted programs and other dangers.


About:
=====
A few days ago I discovered a little 'Local Privilege Escalation' Bug
in the current version of AntiVir PersonalEdition Classic.


Description:
=====
Part of AntiVir PersonalEdition Classic is a service called 'AntiVir
PersonalEdition Classic Planer' which runs with SYSTEM rights. If you
start the update process using the GUI, AntiVir will show you a status
window. After finishing the process AntiVir offers you a report. Open
the report using the button 'Report' and AntiVir will open the report
in the well known application 'notepad.exe'. Well, since the update was
initiated by the service 'AntiVir PersonalEdition Classic Planer',
which runs with SYSTEM rights, notepad.exe inherits these rights now.
Use 'notepad.exe' to *run* 'compmgmt.msc' for example and...
Well, you know what might happen now.


History:
=====
2006-03-04: Found the Bug and mailed Vendor
2006-03-05: Response from vendor, checking the problem
2006-03-09: Response from vendor, fix is on the way.



ports

-- 
SYS 64767


Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ