[<prev] [next>] [day] [month] [year] [list]
Message-ID: <6078C809E871495BBAAEDCFB601E7F07@localhost>
Date: Sat, 4 May 2013 17:42:37 +0200
From: "Stefan Kanthak" <stefan.kanthak@...go.de>
To: <bugtraq@...urityfocus.com>
Cc: full-disclosure@...ts.grok.org.uk
Subject: Vulnerability in Microsoft Security Essentials
<v4.2
Hi @ll,
versions of Microsoft Security Essentials before the current
v4.2 (see <https://support.microsoft.com/kb/2805304>) have a
vulnerability that could lead to execution of arbitrary code
in the security context of the LocalSystem account (almost like
<https://support.microsoft.com/kb/2781197> alias
<http://technet.microsoft.com/security/bulletin/ms13-034>).
The "UninstallString" written to
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\Microsoft Security Client]
"UninstallString"="C:\\Program Files\\Microsoft Security Client\\Setup.exe /X"
contains unquoted spaces.
This command may be called by Windows Update Agent or deployment
agents running under the LocalSystem account.
Timeline:
~~~~~~~~~
2012-12-05 vendor informed
2013-12-06 vendor acknowledged report
2013-02-13 vendor released fixed version
Stefan Kanthak
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists