Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2008-0581

Overview

Vulnerability Score 7.2 7.2
CVE Id CVE-2008-0581
Last Modified 05 Sep 2008 05:35:27
Published 04 Feb 2008 10:00:00
Confidentiality Impact COMPLETE COMPLETE
Integrity Impact COMPLETE COMPLETE
Availability Impact COMPLETE COMPLETE
Access Vector LOCAL
Access Complexity LOW
Authentication NONE

CVE-2008-0581

Summary

Geert Moernaut LSrunasE allows local users to gain privileges by obtaining the encrypted password from a batch file, and constructing a modified batch file that specifies this password in the /password switch and specifies an arbitrary program in the /command switch.

Vulnerable Systems

Application

  • Moernaut Lsrunase 1.0

  • Moernaut Supercrypt 1.0


References

BUGTRAQ - 20080129 Insecure Use of RC4 in LSrunasE and Supercrypt (CVE-2007-6340)

SREASON - 3611


Last Updated: 27 May 2016 10:46:52