MicroWorld eScan Virus Control 9.0.722.1, Anti-Virus 9.0.722.1, and Internet Security 9.0.722.1 use weak permissions (Everyone:Full Control) for their installation directory trees, which allows local users to gain privileges by replacing application files, as demonstrated by traysser.exe.
Affected Software
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Escan_anti-virus | Microworld_technologies | 9.0.722.1 (including) | 9.0.722.1 (including) |
| Escan_internet_security | Microworld_technologies | 9.0.722.1 (including) | 9.0.722.1 (including) |
| Escan_virus_control | Microworld_technologies | 9.0.722.1 (including) | 9.0.722.1 (including) |
References
- http://lists.grok.org.uk/pipermail/full-disclosure/2007-August/065509.html
- http://secunia.com/advisories/26581
- http://securityreason.com/securityalert/3085
- http://www.securityfocus.com/bid/25493
- https://exchange.xforce.ibmcloud.com/vulnerabilities/36367
- http://lists.grok.org.uk/pipermail/full-disclosure/2007-August/065509.html
- http://secunia.com/advisories/26581
- http://securityreason.com/securityalert/3085
- http://www.securityfocus.com/bid/25493
- https://exchange.xforce.ibmcloud.com/vulnerabilities/36367