NOD32 local privilege escalation vulnerability

2006.04.04

Credit: visitbipin hotmail com

Risk: Low

Local: Yes

Remote: No

CVE: CVE-2006-1649

CWE: CWE-Other

CVSS Base Score: 7.2/10

Impact Subscore: 10/10

Exploitability Subscore: 3.9/10

Exploit range: Local

Attack complexity: Low

Authentication: No required

Confidentiality impact: Complete

Integrity impact: Complete

Availability impact: Complete

NOD32 local privilege escalation vulnerability

Not affected: > Version 2.51.26
Tested on: Winxp sp2
Risk: Average

To escalate the system privilage, the option 'quarentine a file' in NOD32 can be exploited & a malicious file can be copied to the quarentine and using the 'restore to...' option it can be  dropped to the directory in which the STSTEM user just had read-only permession.

Note: from lower privilege, this trick can write a file to any directory in which the user has read-only access to but can't overwrite a file if the file-name already exists.

Vendor Website: www.eset.com
Vender reported: Mar 24, 2006
Patch release: Apr 4, 2006 (Version 2.51.26)

POC video & detail description: http://bipin.securityhead.com/NOD32.zip

--

Bipin Gautam
http://bipin.tk

See this note in RAW Version

Vote for this issue:

50%

Comment it here.

Nick (*)

Email (*)

Video

Text (*)

NOD32 local privilege escalation vulnerability

Thanks for you vote!

Thanks for you comment!
Your message is in quarantine 48 hours.

NOD32 local privilege escalation vulnerability

Thanks for you vote!

Thanks for you comment!Your message is in quarantine 48 hours.

Thanks for you comment!
Your message is in quarantine 48 hours.