PT-2011-2842 · Rapid7 · Metasploit Framework
Publicado
2011-02-21
·
Atualizado
2011-06-20
·
CVE-2011-1056
CVSS v2.0
6.2
Média
| Vetor | AV:L/AC:H/Au:N/C:C/I:C/A:C |
Name of the Vulnerable Software and Affected Versions
Metasploit Framework version 3.5.1
Description
The issue concerns the installer for the Metasploit Framework, which, when running on Windows, uses weak inherited permissions for the Metasploit installation directory. This weakness allows local users to gain privileges by replacing critical files with a Trojan horse.
Recommendations
For Metasploit Framework version 3.5.1, consider restricting access to the Metasploit installation directory to prevent local users from replacing critical files until a fix is available.
Correção
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Enumeração de Fraquezas
Identificadores relacionados
Produtos afetados
Metasploit Framework