Visit our newest sister site!
Hundreds of free aircraft flight manuals
Civilian • Historical • Military • Declassified • FREE!


TUCoPS :: Security App Flaws :: hack2505.htm

McAfee VirusScan Privilege Escalation vuln



McAfee VirusScan Privilege Escalation Vulnerability [iDEFENSE]



McAfee VirusScan Privilege Escalation Vulnerability



iDEFENSE Security Advisory 09.14.04:



I. BACKGROUND



McAfee VirusScan is a popular real-time virus protection application.

For more information see http://www.mcafee.com. 



II. DESCRIPTION



Local exploitation of a design error vulnerability in Networks

Associates Technology Inc.'s McAfee VirusScan could allow attackers to

obtain increased privileges.



The problem specifically exists because SYSTEM privileges are not

dropped when accessing the "System Scan" properties from the System

Tray applet. The vulnerability can be exploited by right-clicking the

System Tray icon, choosing "Properties", selecting "System Scan",

then, from the "Report" tab, selecting "Browse...". The opened file

selected can be abused by navigating to C:\WINDOWS\SYSTEM32\,

right-clicking cmd.exe, then selecting "Open"; doing so spawns a

command shell with SYSTEM privileges.



III. ANALYSIS



Exploitation allows local users to obtain Local System privileges,

thereby providing them with complete control of the affected system.



IV. DETECTION



McAfee VirusScan version 4.5.1 running on Windows 2000 Professional

and Windows XP Professional operating systems is vulnerable. It is

suspected that McAfee VirusScan 4.5 is also vulnerable.



V. WORKAROUND



iDEFENSE is currently unaware of any workarounds for this issue.



VI. VENDOR FIX



The vendor does not appear to have provided a patch for this issue.

However, due to design changes in the GUI, this vulnerability does not

appear to exist in later versions of the product.



VII. CVE INFORMATION



The Common Vulnerabilities and Exposures (CVE) project has assigned the

names CAN-2004-0831 to these issues. This is a candidate for inclusion

in the CVE list (http://cve.mitre.org), which standardizes names for 

security problems.



VIII. DISCLOSURE TIMELINE



08/12/2004   Initial vendor notification - no response

08/12/2004   iDEFENSE clients notified

09/02/2004   Secondary vendor notification - no response

09/14/2004   Public disclosure



Ian Vitek is credited with this discovery.


TUCoPS is optimized to look best in Firefox® on a widescreen monitor (1440x900 or better).
Site design & layout copyright © 1986-2014 AOH