|
Brought to you by:
Suppliers of:
|
|
|
| |
| Rising installs the own program files with insecure permissions (Users: Full Control). Local attacker (unprivileged user) can replace some files (for example, executable files of Rising services) by malicious file and execute arbitrary code with SYSTEM privileges. This is local privilege escalation vulnerability. |
| |
Credit:
The information has been provided by Maxim A. Kulakov.
|
| |
Vulnerable Systems:
* Rising Antivirus 2009 (21.62.04)
* Rising Internet Security 2009 (21.62.04)
* Rising Personal Firewall 2009 (21.62.04)
For example, in Rising Antivirus 2009 the following attack scenario could be used:
1. An attacker (unprivileged user) replaces one of the Rising Antivirus program files by malicious executable file. For example, the replacing file could be - %Program Files%\Rising\RAV\RavTask.exe (Rising RavTask Manager).
2. Restart the system. After restart attackers malicious file will be executed with SYSTEM privileges. Self-defense of the Rising Antivirus will prevent all operations with Rising program files. It can be bypassed using internal shell dialogs in the Rising Antivirus (for example, "Save as" dialog in Tools -> Installer Creation Tool -> Browse).
For other vulnerable Rising products similar attack scenario could be used.
An attacker must have valid logon credentials to a system where vulnerable software is installed.
Disclosure Timeline:
31/08/2009 Initial vendor notification. Secure contacts requested.
31/08/2009 Vendor response
12/10/2009 Vendor response that the release date is unknown
28/10/2009 Advisory released
|
|
|
|
|
