|
Brought to you by:
Suppliers of:
|
|
|
| |
| Local privilege escalation vulnerability in Protector Plus antivirus software. Protector Plus range of antivirus products are known the world over for their efficiency and reliability. |
| |
Credit:
The information has been provided by Maxim A. Kulakov.
|
| |
Vulnerable Systems:
* Protector Plus 2009 for Windows version 8.0.E03
Protector Plus 2009 for Windows Server version 8.0.E03
Protector Plus Professional version 9.1.001
Protector Plus installs its own program files with insecure permissions (Everyone - Full Control). Local attacker (unprivileged user) can replace some files (for example, executable files of Protector services) withh a malicious file and execute arbitary code with SYSTEM privileges. This is local privilege escalation vulnerability.
For example, the following attack scenario could be used:
1. An attacker (unprivileged user) renames one of the Protector program files (below, the FILE). For example, the FILE could be - PPAVMON.exe (Protector Plus Anti-virus Monitor Service).
2. An attacker copies his malicious executable file (with same name as the old filename of the FILE - PPAVMON.exe) to Protector folder.
3. Restart the system. After restart attackers malicious file will be executed with SYSTEM privileges.
Disclosure Timeline:
31/08/2009 Initial vendor notification. Secure contacts requested.
01/09/2009 Vendor response
03/09/2009 Vulnerability details sent. Confirmation requested.
09/09/2009 Vulnerability details sent. Confirmation requested.
11/09/2009 Last attempt to get reply from vendor. Vulnerability details sent. Confirmation requested.
15/09/2009 Advisory released
--------------------------------------------------------------------------------------------------------------------------------
Learn how website security by scanning is reducing the risk of vulnerabilities like this.
-
|
|
|
|
|
