Quick Heal Total Security Lets Local Users Gain Elevated Privileges
SecurityTracker Alert ID: 1023225
SecurityTracker URL: http://securitytracker.com/id/1023225
Updated: Nov 23 2009
Original Entry Date: Nov 23 2009
Execution of arbitrary code via local system, Root access via local system
Exploit Included: Yes
Version(s): 2009; possibly other versions
Nishant Das Patnaik reported a vulnerability in Quick Heal Total Security. A local user can obtain elevated privileges on the target system.
The software installs program files with 'Full Control' privileges for the 'Everyone' group. A local user can modify the executable files to cause arbitrary code to be executed on the target system with System privileges when the system starts up.
The 'SCANWSCS.EXE' and 'OPSSVC.EXE' files are affected.
Quick Heal Antivirus Plus 2009 is also affected.
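A defensive check for the condition described above, as an added example that is not part of the original advisory: this PowerShell script lists Windows service executables, and the folders that hold them, whose ACLs grant write-type rights to broad groups such as Everyone. The function names, the list of SIDs and the set of rights treated as dangerous are assumptions of this example.

```powershell
# Added example (not from the advisory): find service binaries, or their
# folders, that broad groups are allowed to modify.

# Well-known SIDs: Everyone, Authenticated Users, BUILTIN\Users, INTERACTIVE
$BroadSids = 'S-1-1-0', 'S-1-5-11', 'S-1-5-32-545', 'S-1-5-4'

# Rights that permit replacing or altering a file, its folder, or its ACL
$WriteRights = 'WriteData, AppendData, Delete, DeleteSubdirectoriesAndFiles, ChangePermissions, TakeOwnership'
$WriteMask   = [int][System.Security.AccessControl.FileSystemRights]$WriteRights
# GENERIC_ALL | GENERIC_WRITE, which can appear unmapped in some ACEs
$GenericMask = 0x50000000

function Get-ServiceBinaryPath {
    param([string]$PathName)
    # The service command line may be quoted, or unquoted with trailing arguments
    if ($PathName -match '^\s*"([^"]+)"')    { return $Matches[1] }
    if ($PathName -match '^\s*(.+?\.exe)\b') { return $Matches[1] }
    return $null
}

function Find-WritableServiceBinary {
    Get-CimInstance -ClassName Win32_Service | ForEach-Object {
        $svc  = $_
        $path = Get-ServiceBinaryPath $svc.PathName
        if (-not $path -or -not (Test-Path -LiteralPath $path)) { return }
        # Check the executable and its parent folder
        foreach ($target in $path, (Split-Path -Parent $path)) {
            $acl = Get-Acl -LiteralPath $target -ErrorAction SilentlyContinue
            if (-not $acl) { continue }
            $rules = $acl.GetAccessRules($true, $true, [System.Security.Principal.SecurityIdentifier])
            foreach ($ace in $rules) {
                if ($ace.AccessControlType -ne 'Allow') { continue }
                # Skip ACEs that only apply to child objects, not to $target itself
                if ($ace.PropagationFlags -band [System.Security.AccessControl.PropagationFlags]::InheritOnly) { continue }
                if ($BroadSids -notcontains $ace.IdentityReference.Value) { continue }
                $rights = [int]$ace.FileSystemRights
                if (($rights -band $WriteMask) -or ($rights -band $GenericMask)) {
                    [pscustomobject]@{
                        Service = $svc.Name; RunsAs = $svc.StartName; Target = $target
                        Principal = $ace.IdentityReference.Value; Rights = $ace.FileSystemRights
                    }
                }
            }
        }
    }
}

Find-WritableServiceBinary | Format-Table -AutoSize
```

Any row whose RunsAs value is LocalSystem matches the situation in this alert: a file or folder that unprivileged users can change, loaded by a service that runs with System privileges.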
A local user can obtain System privileges on the target system.
No solution was available at the time of this entry.
Vendor URL: www.quickheal.co.in/
Access control error, Configuration error
Underlying OS: Windows (Any)
Source Message Contents
Date: Sun, 22 Nov 2009 14:20:33 +0530
Subject: Vulnerability Report *Edited*
My name is Nishant Das Patnaik. I'm an independent security researcher based
out of India. I have discovered a Local Escalation of Privilege
Vulnerability in multiple products of Quick Heal Technologies Pvt. Ltd.
Details are available in the attached file.
Nishant Das Patnaik
Local privilege escalation vulnerability in Quick Heal Total Security 2009
Quick Heal Internet Security 2009, with its intuitive and easy-to-use interface, provides complete protection against Internet threats. It provides a safe and secure experience while you are browsing, Online Banking, Online Shopping, Chatting and playing games online. Once installed it acts as a shield against viruses, worms, trojans, spywares and other malicious threats. It also provides protection against new and unknown viruses using Quick Heal's renowned DNAScan technology, blocks malicious websites and prevents spam mails from reaching your mailbox. Quick Heal Internet Security 2010 is very low on resource usage and gives enhanced protection without slowing down your computer.
Quick Heal Technologies Pvt. Ltd. (India)
VULNERABLE PRODUCTS (TARGET)
Antivirus Plus 2009
Total Security 2009
Previous versions are very likely to be affected
DETAILS (NATURE OF PROBLEM)
Quick Heal Total Security 2009 installs its own program files with insecure permissions
(Everyone - Full Control). A local attacker (unprivileged user) can
replace some files (for example, executable files of Total Security 2009 services)
with a malicious file and execute arbitrary code with SYSTEM privileges. This
is a local privilege escalation vulnerability.
For example, the following attack scenario could be used:
1. An attacker (unprivileged user) renames one of the program
files (below, the FILE). For example, the FILE could be any of the following
2. An attacker copies his malicious executable file (with the same name as
the old filename of the FILE - SCANWSCS.exe) to the program files folder.
3. Restart the system.
After restart the attacker's malicious file will be executed with SYSTEM
This is a local privilege escalation vulnerability. An attacker must have
valid logon credentials to a system where vulnerable software is
Nishant Das Patnaik