Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2007-4649

Overview

Vulnerability Score 7.2 7.2
CVE Id CVE-2007-4649
Last Modified 05 Sep 2008 05:28:46
Published 31 Aug 2007 07:17:00
Confidentiality Impact COMPLETE COMPLETE
Integrity Impact COMPLETE COMPLETE
Availability Impact COMPLETE COMPLETE
Access Vector LOCAL
Access Complexity LOW
Authentication NONE

CVE-2007-4649

Summary

MicroWorld eScan Virus Control 9.0.722.1, Anti-Virus 9.0.722.1, and Internet Security 9.0.722.1 use weak permissions (Everyone:Full Control) for their installation directory trees, which allows local users to gain privileges by replacing application files, as demonstrated by traysser.exe.

Vulnerable Systems

Application

  • Microworld Technologies Escan Anti-virus 9.0.722.1

  • Microworld Technologies Escan Internet Security 9.0.722.1

  • Microworld Technologies Escan Virus Control 9.0.722.1


References

XF - escan-directory-insecure-permissions(36367)

BID - 25493

SECUNIA - 26581

FULLDISC - 20070829 Multiple eScan products insecure file permissions

SREASON - 3085


Last Updated: 27 May 2016 10:45:56