NOD32 Privilege Escalation Vulnerabilities

Discussion in 'spyware news and general information' started by NICK ADSL UK, Apr 7, 2006.

Thread Status:
Not open for further replies.

    NICK ADSL UK Administrator

    May 13, 2003
    NOD32 Privilege Escalation Vulnerabilities

    Secunia Advisory: SA19054
    Release Date: 2006-04-05

    Less critical
    Impact: Privilege escalation

    Where: Local system

    Solution Status: Vendor Patch

    Software: NOD32 for Windows NT/2000/XP/2003 2.x

    Select a product and view a complete list of all Patched/Unpatched Secunia advisories affecting it.

    CVE reference: CVE-2006-0951

    Two vulnerabilities have been reported in NOD32, which can be exploited by malicious, local users to gain escalated privileges.

    1) The NOD32 GUI (nod32.exe) runs with SYSTEM privileges when a scheduled on-demand scan is being run by the scheduler. This can be exploited to invoke cmd.exe with SYSTEM privileges when a scheduled scan is running.

    The vulnerability has been confirmed in version 2.5 for WinNT/2k/XP/2003 (nod32krn.exe/nod32.exe Other versions may also be affected.

    2) The program doesn't drop its SYSTEM privileges before allowing a user to use the "Restore to..." feature to restore a quarantined file. This can be exploited to write a file to an arbitrary directory with SYSTEM privileges if a file with the given filename doesn't already exist.

    Update to version 2.51.26 or later.
Thread Status:
Not open for further replies.
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.