SecurityAlert : 672 CVE : CVE-2006-1649 SecurityRisk : Low (About) Remote Exploit : No Local Exploit : Yes Exploit Available : No Credit : visitbipin hotmail com Published : 04.04.2006
Affected Software :
NOD32
Advisory Content :
NOD32 local privilege escalation vulnerability
Not affected: > Version 2.51.26
Tested on: Winxp sp2
Risk: Average
To escalate the system privilage, the option 'quarentine a file' in NOD32
can be exploited & a malicious file can be copied to the quarentine and
using the 'restore to...' option it can be dropped to the directory in
which the STSTEM user just had read-only permession.
Note: from lower privilege, this trick can write a file to any directory in
which the user has read-only access to but can't overwrite a file if the
file-name already exists.
POC video & detail description: http://bipin.securityhead.com/NOD32.zip
--
Bipin Gautam
http://bipin.tk
Feedback :
If you have additional information or notice any errors regarding this security advisory, please use contact form or email us at info()securityreason()com.