|
|
| |
My Firewall Plus is a "Corporate strength firewall for your personal PC".
Secunia Research has discovered a vulnerability in My Firewall Plus, which can be exploited by malicious, local users to gain escalated privileges. |
| |
Credit:
The information has been provided by Carsten H. Eiram.
The original article can be found at: http://secunia.com/secunia_research/2004-16/
|
| |
Vulnerable Systems:
* My Firewall Plus version 5.0 (build 1117)
The vulnerability is caused due to the "Smc.exe" process invoking the help functionality with SYSTEM privileges.
This can be exploited to execute arbitrary programs on a system with escalated privileges.
Solution:
Apply patch: http://www.webroot.com/services/MFP_Patch.exe
Time Table:
15/11/2004 - Vulnerability discovered.
15/11/2004 - Vendor notified.
15/11/2004 - Vendor response.
16/12/2004 - Vendor issues patch.
21/12/2004 - Public disclosure.
|
|
|
