PT-2007-5807 · Microworld · Microworld Internet Security+2
Edi Strosar
·
Publicado
2007-08-31
·
Atualizado
2017-07-29
·
CVE-2007-4649
CVSS v2.0
7.2
Alta
| Vetor | AV:L/AC:L/Au:N/C:C/I:C/A:C |
Name of the Vulnerable Software and Affected Versions:
MicroWorld eScan Virus Control version 9.0.722.1
MicroWorld Anti-Virus version 9.0.722.1
MicroWorld Internet Security version 9.0.722.1
Description:
The issue allows local users to gain privileges by replacing application files due to weak permissions set for the installation directory trees. This is demonstrated by the potential to modify traysser.exe.
Recommendations:
For MicroWorld eScan Virus Control version 9.0.722.1, consider restricting access to the installation directory to prevent unauthorized file replacements.
For MicroWorld Anti-Virus version 9.0.722.1, restrict write access to the application files to mitigate the risk of exploitation.
For MicroWorld Internet Security version 9.0.722.1, limit permissions on the installation directory to prevent local users from modifying sensitive files.
Exploit
Correção
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Enumeração de Fraquezas
Identificadores relacionados
Produtos afetados
Microworld Anti-Virus
Microworld Internet Security
Microworld Escan Virus Control