CVE-2007-4649 | Vulnerability Database | Aqua Security

NVD

https://nvd.nist.gov/vuln/detail/CVE-2007-4649

CWE

https://cwe.mitre.org/data/definitions/264.html

MicroWorld eScan Virus Control 9.0.722.1, Anti-Virus 9.0.722.1, and Internet Security 9.0.722.1 use weak permissions (Everyone:Full Control) for their installation directory trees, which allows local users to gain privileges by replacing application files, as demonstrated by traysser.exe.

Affected Software

Name	Vendor	Start Version	End Version
Escan_anti-virus	Microworld_technologies	9.0.722.1 (including)	9.0.722.1 (including)
Escan_internet_security	Microworld_technologies	9.0.722.1 (including)	9.0.722.1 (including)
Escan_virus_control	Microworld_technologies	9.0.722.1 (including)	9.0.722.1 (including)

References

http://lists.grok.org.uk/pipermail/full-disclosure/2007-August/065509.html
http://secunia.com/advisories/26581
http://securityreason.com/securityalert/3085
http://www.securityfocus.com/bid/25493
https://exchange.xforce.ibmcloud.com/vulnerabilities/36367