CVE-2007-5254

Name of the Vulnerable Software and Affected Versions: VirusBlokAda Vba32 AntiVirus version 3.12.2

Description: The issue concerns weak permissions set for the installation directory of the software, specifically 'Everyone:Write' permissions. This weakness allows local users to escalate their privileges by replacing application programs. For example, an attacker could replace the vba32ldr.exe file to gain elevated access.

Recommendations: For VirusBlokAda Vba32 AntiVirus version 3.12.2, consider restricting write access to the installation directory to prevent local users from replacing application programs until a patch is available. As a temporary workaround, changing the permissions of the installation directory to remove write access for the 'Everyone' group can help mitigate the risk.