Spy Sweeper Enterprise Windows Tray Icon Lets Local Users Gain Elevated Privileges
|
|
SecurityTracker Alert ID: 1012652 |
|
SecurityTracker URL: http://securitytracker.com/id/1012652
|
|
CVE Reference:
GENERIC-MAP-NOMATCH
(Links to External Site)
|
Date: Dec 22 2004
|
Impact:
Execution of arbitrary code via local system, Root access via local system
|
Fix Available: Yes Vendor Confirmed: Yes
|
Version(s): 1.5.1 (Build 3698)
|
Description:
A vulnerability was reported in Spy Sweeper Enterprise. A local user can gain elevated privileges.
Secunia Research reported that Spy Sweeper Enterprise's Windows tray icon loads the help function with System privileges. A local user can exploit 'SpySweeperTray.exe' to execute arbitrary code with System level privileges.
The vendor was notified on November 15, 2004.
Carsten Eiram of Secunia Research discovered this flaw.
|
Impact:
A local user can execute arbitrary code with System level privileges.
|
Solution:
The vendor has issued a fixed version (2.0).
|
Vendor URL: www.webroot.com/products/spysweeper/enterprise/ (Links to External Site)
|
Cause:
Access control error
|
Underlying OS:
Windows (Any)
|
|
Message History:
None.
|
Source Message Contents
|
Date: Tue, 21 Dec 2004 13:54:09 +0100
Subject: [Full-Disclosure] Secunia Research: Spy Sweeper Enterprise Client
|
======================================================================
Secunia Research 21/12/2004
- Spy Sweeper Enterprise Client Privilege Escalation Vulnerability -
======================================================================
Table of Contents
Affected Software....................................................1
Severity.............................................................2
Vendor's Description of Software.....................................3
Description of Vulnerability.........................................4
Solution.............................................................5
Time Table...........................................................6
Credits..............................................................7
References...........................................................8
About Secunia........................................................9
Verification........................................................10
======================================================================
1) Affected Software
Spy Sweeper Enterprise 1.5.1 (Build 3698)
NOTE: Other versions may also be affected.
======================================================================
2) Severity
Rating: Less Critical
Impact: Privilege Escalation
Where: Local System
======================================================================
3) Vendor's Description of Software
Spy Sweeper Enterprise:
"Webroot Spy Sweeper Enterprise provides comprehensive spyware
protection for corporations. Using a client / server architecture,
Spy Sweeper Enterprise proactively detects and removes all forms of
spyware and malware within the organization".
Product link:
http://www.webroot.com/products/spysweeper/enterprise/
======================================================================
4) Description of Vulnerability
Secunia Research has discovered a vulnerability in Spy Sweeper
Enterprise, which can be exploited by malicious, local users to gain
escalated privileges.
The vulnerability is caused due to the Spy Sweeper Enterprise Client
"SpySweeperTray.exe" process invoking the help functionality with
SYSTEM privileges.
This can be exploited to execute arbitrary commands on a system with
escalated privileges.
======================================================================
5) Solution
The vendor has issued version 2.0, which fixes the vulnerability.
======================================================================
6) Time Table
15/11/2004 - Vulnerability discovered.
15/11/2004 - Vendor notified.
15/11/2004 - Vendor response.
19/12/2004 - Vendor issues version 2.0.
21/12/2004 - Public disclosure.
======================================================================
7) Credits
Discovered by Carsten Eiram, Secunia Research.
======================================================================
8) References
The Common Vulnerabilities and Exposures (CVE) project has not
currently assigned the vulnerability a candidate number.
======================================================================
9) About Secunia
Secunia collects, validates, assesses, and writes advisories regarding
all the latest software vulnerabilities disclosed to the public. These
advisories are gathered in a publicly available database at the
Secunia website:
http://secunia.com/
Secunia offers services to our customers enabling them to receive all
relevant vulnerability information to their specific system
configuration.
Secunia offers a FREE mailing list called Secunia Security Advisories:
http://secunia.com/secunia_security_advisories/
======================================================================
10) Verification
Please verify this advisory by visiting the Secunia website:
http://secunia.com/secunia_research/2004-14/
Complete list of vulnerability reports published by Secunia Research:
http://secunia.com/secunia_research/
======================================================================
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
|
|
