PT-2007-5807 · Microworld · Microworld Internet Security+2
Edi Strosar
·
Published
2007-08-31
·
Updated
2017-07-29
·
CVE-2007-4649
CVSS v2.0
7.2
High
| Vector | AV:L/AC:L/Au:N/C:C/I:C/A:C |
Name of the Vulnerable Software and Affected Versions:
MicroWorld eScan Virus Control version 9.0.722.1
MicroWorld Anti-Virus version 9.0.722.1
MicroWorld Internet Security version 9.0.722.1
Description:
The issue allows local users to gain privileges by replacing application files due to weak permissions set for the installation directory trees. This is demonstrated by the potential to modify traysser.exe.
Recommendations:
For MicroWorld eScan Virus Control version 9.0.722.1, consider restricting access to the installation directory to prevent unauthorized file replacements.
For MicroWorld Anti-Virus version 9.0.722.1, restrict write access to the application files to mitigate the risk of exploitation.
For MicroWorld Internet Security version 9.0.722.1, limit permissions on the installation directory to prevent local users from modifying sensitive files.
Exploit
Fix
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Microworld Anti-Virus
Microworld Internet Security
Microworld Escan Virus Control