|
|
|
|
| |
Credit:
The information has been provided by iDefense.
The original article can be found at: http://www.idefense.com/application/poi/display?id=351&type=vulnerabilities
|
| |
Vulnerable Systems:
* Trend Micro PC-Cillin Internet Security 2005 version 12.00 build 1244.
Immune Systems:
* Trend Micro PC-Cillin Internet Security 2005 version 12.4
The vulnerabilities specifically exist in the default Access Control List (ACL) settings that are applied during installation. When an administrator installs an affected Trend Micro product, the default ACL
allows any user to modify the installed files. Due to the fact that some of the programs run as system services, a user could replace an installed Trend Micro product file with their own malicious code, and
the code would be executed with system privileges.
Successful exploitation allows local attackers to escalate privileges to the system level. It is also possible to use this vulnerability to simply disable protection by moving all of the executable files so that they cannot start upon a reboot. Once disabled, the products are no longer able to provide threat mitigation, thus opening the machine up to attack.
Workaround:
Apply proper Access Control List settings to the directory that the affected Trend Micro product is installed in. The ACL rules be set so that no regular users can modify files in the directory.
CVE Information:
CVE-2005-3360
Disclosure Timeline:
10/27/2005 - Initial vendor notification
10/27/2005 - Initial vendor response
12/14/2005 - Public disclosure
|
|
|
|
|
