CVE Vulnerabilities

CVE-2007-4649

Published: Aug 31, 2007 | Modified: Jul 29, 2017
CVSS 3.x
N/A
Source:
NVD
CVSS 2.x
7.2 HIGH
AV:L/AC:L/Au:N/C:C/I:C/A:C
RedHat/V2
RedHat/V3
Ubuntu

MicroWorld eScan Virus Control 9.0.722.1, Anti-Virus 9.0.722.1, and Internet Security 9.0.722.1 use weak permissions (Everyone:Full Control) for their installation directory trees, which allows local users to gain privileges by replacing application files, as demonstrated by traysser.exe.

Affected Software

Name Vendor Start Version End Version
Escan_anti-virus Microworld_technologies 9.0.722.1 9.0.722.1
Escan_virus_control Microworld_technologies 9.0.722.1 9.0.722.1
Escan_internet_security Microworld_technologies 9.0.722.1 9.0.722.1

References