{PRL} Rising Antivirus 2009 Privilege Escalation
From: Protek Research Lab <protekresearchlab yahoo ca>
To: bugtraq securityfocus com
Subject: {PRL} Rising Antivirus 2009 Privilege Escalation
Date: Tue - Oct 27, 2009 08:45 AM
#####################################################################################
Application: Rising Antivirus 2009
Platforms: Windows XP Professional SP2
Exploitation: Privilege Escalation
Date: 2009-10-26
Author: Francis Provencher (Protek Research Lab's)
#####################################################################################
1) Introduction
2) Technical details
3) The Code (N/A)
#####################################################################################
===============
1) Introduction
===============
Rising Antivirus 2009
Protects your computers against all types of viruses, Trojans, Worms, Rootkits and other malicious programs. Ease of use, Active Defense technology, Patented Unknown Virus Scan&Clean technology and Patented Smartupdate technology make RISING Antivirus ' install-and-forget ' product that lets you focus on what you really want to do.
(from Rising Anti-virus website)
#####################################################################################
============================
2) Technical details
============================
Rising Antivirus 2009
Build 21.28.32
All files under the install folder grant Full control to BUILTIN\Users and can be replaced with malicious files.
... snip ...
C:\Program Files\Rising\Rav\RavTask.exe BUILTIN\Utilisateurs:F
                                        BUILTIN\Utilisateurs avec pouvoir:C
                                        BUILTIN\Administrateurs:F
                                        AUTORITE NT\SYSTEM:F
                                        FUZZYXP\francis:F
... snip ...
C:\>WHOAMI.EXE
FUZZYXP\francis
C:\>telnet 127.0.0.1 4444
C:\>WHOAMI.EXE
WHOAMI.EXE
AUTORITE NT\SYSTEM
#####################################################################################
===========
3) The Code
===========
N/A
#####################################################################################
(PRL-2009-13)
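
Added example, not part of the original advisory: a small Python audit that parses cacls output like the listing in section 2 and reports every write-capable entry (F, C or W) held by a principal outside an allow-list. The allow-list names, the function name find_weak_aces and the assumption that audited paths end in a file extension are choices made for this example.

```python
import re

# Simple cacls rights that let the holder replace or modify the file.
WRITE_RIGHTS = {"F", "C", "W"}

# Principals expected to hold write access to an installed service binary.
# Names are locale-dependent (the advisory's output is from a French system);
# this allow-list is an assumption. A production check should compare SIDs.
TRUSTED = {
    "builtin\\administrators", "builtin\\administrateurs",
    "nt authority\\system", "autorite nt\\system",
}

# A new entry starts with a drive-letter path; assume it ends in ".ext".
FIRST_LINE = re.compile(r"^([A-Za-z]:\\.*?\.\w+)\s+(\S.*)$")
INHERIT_FLAGS = re.compile(r"\([A-Z]{2}\)")  # (OI), (CI), (IO) prefixes


def find_weak_aces(cacls_text):
    """Return (path, principal, right) for write-capable ACEs held by
    principals outside TRUSTED."""
    findings, path = [], None
    for raw in cacls_text.splitlines():
        line = raw.strip()
        m = FIRST_LINE.match(line)
        if m:
            path, line = m.group(1), m.group(2)
        if path is None or ":" not in line:
            continue  # "... snip ..." markers, blank lines
        principal, _, right = line.rpartition(":")
        right = INHERIT_FLAGS.sub("", right).strip()
        if right in WRITE_RIGHTS and principal.strip().lower() not in TRUSTED:
            findings.append((path, principal.strip(), right))
    return findings


# cacls output as quoted in the advisory.
SAMPLE = r"""
C:\Program Files\Rising\Rav\RavTask.exe BUILTIN\Utilisateurs:F
BUILTIN\Utilisateurs avec pouvoir:C
BUILTIN\Administrateurs:F
AUTORITE NT\SYSTEM:F
FUZZYXP\francis:F
"""

if __name__ == "__main__":
    for path, principal, right in find_weak_aces(SAMPLE):
        print(f"{path}: {principal} has {right}")
```

On the advisory's listing this reports the Users, Power Users and per-user entries and passes the Administrators and SYSTEM entries.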