TITLE: NOD32 Privilege Escalation Vulnerabilities SECUNIA ADVISORY ID: SA19054
VERIFY ADVISORY: http://secunia.com/advisories/19054/ CRITICAL: Less critical IMPACT: Privilege escalation WHERE: Local system SOFTWARE: NOD32 for Windows NT/2000/XP/2003 2.x http://secunia.com/product/1066/ DESCRIPTION: Two vulnerabilities have been reported in NOD32, which can be exploited by malicious, local users to gain escalated privileges. 1) The NOD32 GUI (nod32.exe) runs with SYSTEM privileges when a scheduled on-demand scan is being run by the scheduler. This can be exploited to invoke cmd.exe with SYSTEM privileges when a scheduled scan is running. The vulnerability has been confirmed in version 2.5 for WinNT/2k/XP/2003 (nod32krn.exe/nod32.exe 2.51.20.0). Other versions may also be affected. 2) The program doesn't drop its SYSTEM privileges before allowing a user to use the "Restore to..." feature to restore a quarantined file. This can be exploited to write a file to an arbitrary directory with SYSTEM privileges if a file with the given filename doesn't already exist. SOLUTION: Update to version 2.51.26 or later. ORIGINAL ADVISORY: Secunia Research: http://secunia.com/secunia_research/2006-17/ ============= PCWorks Mailing List ================= Don't see your post? Check our posting guidelines & make sure you've followed proper posting procedures, http://pcworkers.com/rules.htm Contact list owner <[EMAIL PROTECTED]> Unsubscribing and other changes: http://pcworkers.com =====================================================
