SecurityTracker.com
Category:   Application (Security)  >   Quick Heal Total Security
Vendors:   Quick Heal Technologies
Quick Heal Total Security Lets Local Users Gain Elevated Privileges
SecurityTracker Alert ID:  1023225
SecurityTracker URL:  http://securitytracker.com/id/1023225
CVE Reference:   GENERIC-MAP-NOMATCH
Updated:  Nov 23 2009
Original Entry Date:  Nov 23 2009
Impact:   Execution of arbitrary code via local system, Root access via local system
Exploit Included:  Yes  
Version(s): 2009; possibly other versions
Description:   Nishant Das Patnaik reported a vulnerability in Quick Heal Total Security. A local user can obtain elevated privileges on the target system.

The software installs program files with 'Full Control' privileges for the 'Everyone' group. A local user can modify the executable files to cause arbitrary code to be executed on the target system with System privileges when the system starts up.

The 'SCANWSCS.EXE' and 'OPSSVC.EXE' files are affected.

Quick Heal Antivirus Plus 2009 is also affected.

Impact:   A local user can obtain System privileges on the target system.
Solution:   No solution was available at the time of this entry.
Vendor URL:  www.quickheal.co.in/
Cause:   Access control error, Configuration error
Underlying OS:  Windows (Any)

Message History:   None.
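
A defender-side check for the condition described above, as an added example that is not part of the original advisory or any vendor tooling: it lists Windows service executables, and the folders that hold them, whose ACL grants write-type rights to the 'Everyone' group. Checking Authenticated Users and BUILTIN\Users as well goes beyond the single case on this page; the function names are hypothetical.

```powershell
# Added example: audit service executables for write access granted to broad groups.
# Well-known SIDs are used instead of names so the check is locale independent.
$broadSids = @{
    'S-1-1-0'      = 'Everyone'
    'S-1-5-11'     = 'Authenticated Users'   # generalization beyond the advisory
    'S-1-5-32-545' = 'BUILTIN\Users'         # generalization beyond the advisory
}

# Rights that let a holder rewrite or remove the file, or change its ACL or owner.
$writeMask = [System.Security.AccessControl.FileSystemRights]'WriteData, AppendData, Delete, ChangePermissions, TakeOwnership'

function Get-ServiceImagePath {   # hypothetical helper name
    param([string]$PathName)
    # PathName may be quoted and may carry arguments: "C:\dir\svc.exe" -k arg
    if ($PathName -match '^\s*"([^"]+)"')      { return $Matches[1] }
    if ($PathName -match '^\s*(.+?\.exe)\b')   { return $Matches[1] }
    return $null
}

function Test-WeakFileAcl {       # hypothetical helper name
    param([string]$Path)
    $acl = Get-Acl -LiteralPath $Path -ErrorAction Stop
    foreach ($rule in $acl.Access) {
        if ($rule.AccessControlType -ne 'Allow') { continue }
        try   { $sid = $rule.IdentityReference.Translate([System.Security.Principal.SecurityIdentifier]).Value }
        catch { continue }   # account could not be resolved to a SID; skip it
        if ($broadSids.ContainsKey($sid) -and ($rule.FileSystemRights -band $writeMask)) {
            [pscustomobject]@{
                Path     = $Path
                Identity = $broadSids[$sid]
                Rights   = $rule.FileSystemRights
            }
        }
    }
}

Get-CimInstance Win32_Service | ForEach-Object {
    $svc = $_
    $exe = Get-ServiceImagePath $svc.PathName
    if ($exe -and (Test-Path -LiteralPath $exe)) {
        # Check the binary and its folder: write access to the folder is enough
        # to rename the original file and drop a replacement beside it.
        foreach ($target in $exe, (Split-Path $exe -Parent)) {
            Test-WeakFileAcl $target |
                Select-Object @{n='Service';e={$svc.Name}}, @{n='RunsAs';e={$svc.StartName}}, *
        }
    }
}
```

Any row whose RunsAs value is LocalSystem identifies a file or folder that an unprivileged local user could alter to run code as SYSTEM at the next service start.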


 Source Message Contents

Date:  Sun, 22 Nov 2009 14:20:33 +0530
Subject:  Vulnerability Report *Edited*

Hello,

My name is Nishant Das Patnaik. I'm an independent security researcher based
out of India. I have discovered a Local Escalation of Privilege
Vulnerability in multiple products of Quick Heal Technologies Pvt. Ltd.

Details are available in the attached file.

--
Best Regards

Nishant Das Patnaik


TITLE
-----
Local privilege escalation vulnerability in Quick Heal Total Security 2009

BACKGROUND
----------

Quick Heal Internet Security 2009, with its intuitive and easy-to-use interface, provides complete protection against Internet threats. It provides a safe and secure experience while you are browsing, Online Banking, Online Shopping, Chatting and playing games online. Once installed it acts as a shield against viruses, worms, trojans, spywares and other malicious threats. It also provides protection against new and unknown viruses using Quick Heal's renowned DNAScan technology, blocks malicious websites and prevents spam mails from reaching your mailbox. Quick Heal Internet Security 2010 is very low on resource usage and gives enhanced protection without slowing down your computer.

-- www.quickheal.co.in

VENDOR
------
Quick Heal Technologies Pvt. Ltd. (India)
www.quickheal.co.in
info@quikheal.com

VULNERABLE PRODUCTS (TARGET)
-------------------
Antivirus Plus 2009
Total Security 2009

Previous versions are very likely to be affected

DETAILS (NATURE OF PROBLEM)
-------
Quick Heal Total Security 2009 installs its own program files with insecure permissions
(Everyone - Full Control). A local attacker (unprivileged user) can
replace some files (for example, executable files of Total Security 2009 services)
with a malicious file and execute arbitrary code with SYSTEM privileges. This
is a local privilege escalation vulnerability.
 
For example, the following attack scenario could be used:

1. An attacker (unprivileged user) renames one of the program
files (below, the FILE). For example, the FILE could be any of the following

SCANWSCS.EXE
OPSSVC.EXE

2. An attacker copies his malicious executable file (with the same name as
the old filename of the FILE - SCANWSCS.exe) to the program files folder.

3. Restart the system.
After the restart, the attacker's malicious file will be executed with SYSTEM
privileges.

EXPLOITATION
------------
This is a local privilege escalation vulnerability. An attacker must have
valid logon credentials to a system where vulnerable software is
installed.

WORKAROUND
----------
No workarounds

CREDITS
-------
Nishant Das Patnaik
nishant.dp[at]gmail.com


Copyright 2017, SecurityGlobal.net LLC