PC Tools AntiVirus Insecure Directory Permissions Let Local Users Gain Elevated Privileges
|
|
SecurityTracker Alert ID: 1016634 |
|
SecurityTracker URL: http://securitytracker.com/id/1016634
|
|
CVE Reference:
CVE-2006-3114
(Links to External Site)
|
Date: Aug 3 2006
|
Impact:
Execution of arbitrary code via local system, Modification of user information, Root access via local system
|
|
Version(s): 2.1.0.51
|
Description:
A vulnerability was reported in PC Tools AntiVirus. A local user can gain System level privileges.
The application installs with insecure default permissions. The 'PC Tools AntiVirus' directory is configured with 'Full Control' permissions for the 'Everyone' group. A local user can modify files in the directory to cause the application to execute arbitrary commands with System level privileges.
The vendor was notified on July 19, 2006.
Carsten Eiram of Secunia Research discovered this vulnerability.
The original advisory is available at:
http://secunia.com/secunia_research/2006-51/advisory/
|
Impact:
A local user can modify application files to execute arbitrary code with System level privileges.
|
Solution:
No solution was available at the time of this entry.
|
Vendor URL: www.pctools.com/anti-virus/ (Links to External Site)
|
Cause:
Access control error, Configuration error
|
Underlying OS:
Windows (Any)
|
|
Message History:
None.
|
Source Message Contents
|
Date: Thu, 3 Aug 2006 09:21:08 -0400
Subject: PC Tools AntiVirus Insecure Default Directory Permissions
|
http://secunia.com/secunia_research/2006-51/advisory/
CVE-2006-3114
|
|
