Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2005-2940

Overview

Vulnerability Score 7.2 7.2
CVE Id CVE-2005-2940
Last Modified 05 Sep 2008 04:53:02
Published 18 Nov 2005 01:03:00
Confidentiality Impact COMPLETE COMPLETE
Integrity Impact COMPLETE COMPLETE
Availability Impact COMPLETE COMPLETE
Access Vector LOCAL
Access Complexity LOW
Authentication NONE

CVE-2005-2940

Summary

Unquoted Windows search path vulnerability in Microsoft Antispyware 1.0.509 (Beta 1) might allow local users to gain privileges via a malicious "program.exe" file in the C: folder, involving the programs (1) GIANTAntiSpywareMain.exe, (2) gcASNotice.exe, (3) gcasServ.exe, (4) gcasSWUpdater.exe, or (5) GIANTAntiSpywareUpdater.exe. NOTE: it is not clear whether this overlaps CVE-2005-2935.

Vulnerable Systems

Application

  • Microsoft Antispyware 1.0.509


References

BID - 15448

IDEFENSE - 20051115 Multiple Vendor Insecure Call to CreateProcess() Vulnerability

SECTRACK - 1015226


Last Updated: 27 May 2016 10:40:40