PT-2018-4022 · Absolute · Absolute Computrace Agent

Published

2018-05-11

Updated

2018-06-14

CVE-2009-5150

CVSS v2.0

7.2

High

Vector

AV:L/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions Absolute Computrace Agent versions V80.845 through V80.866

Description The issue allows attackers to set up communication with a website other than the intended search.namequery.com site by modifying data within a disk's inter-partition space. This enables a privileged local user to execute arbitrary code, even after losing access and all disk partitions are reformatted.

Recommendations For Absolute Computrace Agent versions V80.845 through V80.866, consider restricting access to the inter-partition space of the disk to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Improper Access Control

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-284

Related Identifiers

CVE-2009-5150

Affected Products

Absolute Computrace Agent

PT-2018-4022 · Absolute · Absolute Computrace Agent

CVE-2009-5150

Weakness Enumeration

Related Identifiers

Affected Products

References · 2