Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2004-1149

Overview

Vulnerability Score 7.2 7.2
CVE Id CVE-2004-1149
Last Modified 10 Sep 2008 03:29:19
Published 10 Jan 2005 12:00:00
Confidentiality Impact COMPLETE COMPLETE
Integrity Impact COMPLETE COMPLETE
Availability Impact COMPLETE COMPLETE
Access Vector LOCAL
Access Complexity LOW
Authentication NONE

CVE-2004-1149

Summary

Computer Associates eTrust EZ Antivirus 7.0.0 to 7.0.4, including 7.0.1.4, installs its files with insecure permissions (ACLs), which allows local users to gain privileges by replacing critical programs with malicious ones, as demonstrated using VetMsg.exe.

Vulnerable Systems

Application

  • Ca Etrust Ez Antivirus 7.0

  • Ca Etrust Ez Antivirus 7.0.1

  • Ca Etrust Ez Antivirus 7.0.1.1

  • Ca Etrust Ez Antivirus 7.0.1.2

  • Ca Etrust Ez Antivirus 7.0.1.3

  • Ca Etrust Ez Antivirus 7.0.1.4

  • Ca Etrust Ez Antivirus 7.0.2

  • Ca Etrust Ez Antivirus 7.0.2.1

  • Ca Etrust Ez Antivirus 7.0.3

  • Ca Etrust Ez Antivirus 7.0.4


References

XF - etrust-antivirus-insecure-permissions(18502)

IDEFENSE - 20041215 Computer Associates eTrust EZ Antivirus Insecure File Permission Vulnerability

CONFIRM - http://crm.my-etrust.com/login.asp?username=guest&target=DOCUMENT&openparameter


Last Updated: 27 May 2016 10:38:55