SecurityTracker.com
    Home    |    View Topics    |    Search    |    Contact Us    |   

SecurityTracker
Archives


 


Category:   Application (Security)  >   PC Tools AntiVirus Vendors:   PC Tools
PC Tools AntiVirus Insecure Directory Permissions Let Local Users Gain Elevated Privileges
SecurityTracker Alert ID:  1016634
SecurityTracker URL:  http://securitytracker.com/id/1016634
CVE Reference:   CVE-2006-3114   (Links to External Site)
Date:  Aug 3 2006
Impact:   Execution of arbitrary code via local system, Modification of user information, Root access via local system

Version(s): 2.1.0.51
Description:   A vulnerability was reported in PC Tools AntiVirus. A local user can gain System level privileges.

The application installs with insecure default permissions. The 'PC Tools AntiVirus' directory is configured with 'Full Control' permissions for the 'Everyone' group. A local user can modify files in the directory to cause the application to execute arbitrary commands with System level privileges.

The vendor was notified on July 19, 2006.

Carsten Eiram of Secunia Research discovered this vulnerability.

The original advisory is available at:

http://secunia.com/secunia_research/2006-51/advisory/

Impact:   A local user can modify application files to execute arbitrary code with System level privileges.
Solution:   No solution was available at the time of this entry.
Vendor URL:  www.pctools.com/anti-virus/ (Links to External Site)
Cause:   Access control error, Configuration error
Underlying OS:  Windows (Any)

Message History:   None.


 Source Message Contents



[Original Message Not Available for Viewing]


Go to the Top of This SecurityTracker Archive Page





Home   |    View Topics   |    Search   |    Contact Us

This web site uses cookies for web analytics. Learn More

Copyright 2021, SecurityGlobal.net LLC