what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New

Protector Plus Antivirus 8/9 Privilege Escalation

Protector Plus Antivirus 8/9 Privilege Escalation
Posted Sep 16, 2009
Authored by ShineShadow

Protector Plus Antivirus versions 8 and 9 suffer from a local privilege escalation vulnerability.

tags | exploit, local
SHA-256 | 508be0b39c021c2af95a977841499251799cd5c282f8f1fdef56d86e98e33f26

Protector Plus Antivirus 8/9 Privilege Escalation

Change Mirror Download
ShineShadow Security Report 15092009-09

TITLE

Local privilege escalation vulnerability in Protector Plus antivirus software

BACKGROUND

Protector Plus range of antivirus products are known the world over for
their efficiency and reliability. Protector Plus Antivirus Software is
available for Windows Vista, Windows XP, Windows Me, Windows 2000,
Windows 98, Windows 2000/2003/NT server and NetWare platforms. Protector
Plus Antivirus Software is the ideal antivirus protection for your
computer against all types of malware like viruses, trojans, worms and
spyware.

-- www.pspl.com

VULNERABLE PRODUCTS

Protector Plus 2009 for Windows Desktops (8.0.E03)
Protector Plus 2009 for Windows Server (8.0.E03)
Protector Plus Professional (9.1.001)

Previous versions may also be affected

DETAILS

Protector Plus installs the own program files with insecure permissions
(Everyone - Full Control). Local attacker (unprivileged user) can
replace some files (for example, executable files of Protector services)
by malicious file and execute arbitary code with SYSTEM privileges. This
is local privilege escalation vulnerability.

For example, the following attack scenario could be used:
1. An attacker (unprivileged user) renames one of the Protector program
files (below, the FILE). For example, the FILE could be - PPAVMON.exe
(Protector Plus Anti-virus Monitor Service).
2. An attacker copies his malicious executable file (with same name as
the old filename of the FILE - PPAVMON.exe) to Protector folder.
3. Restart the system.
After restart attackers malicious file will be executed with SYSTEM
privileges.

EXPLOITATION

This is local privilege escalation vulnerability. An attacker must have
valid logon credentials to a system where vulnerable software is
installed.

WORKAROUND

No workarounds

DISCLOSURE TIMELINE

31/08/2009 Initial vendor notification. Secure contacts requested.
01/09/2009 Vendor response
03/09/2009 Vulnerability details sent. Confirmation requested. – no reply
09/09/2009 Vulnerability details sent. Confirmation requested. – no reply
11/09/2009 Last attempt to get reply from vendor. Vulnerability details sent. Confirmation requested. – no reply
15/09/2009 Advisory released

CREDITS

Maxim A. Kulakov (aka ShineShadow)
ss_contacts[at]hotmail.com


Login or Register to add favorites

File Archive:

June 2022

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Jun 1st
    19 Files
  • 2
    Jun 2nd
    16 Files
  • 3
    Jun 3rd
    28 Files
  • 4
    Jun 4th
    0 Files
  • 5
    Jun 5th
    0 Files
  • 6
    Jun 6th
    19 Files
  • 7
    Jun 7th
    23 Files
  • 8
    Jun 8th
    11 Files
  • 9
    Jun 9th
    10 Files
  • 10
    Jun 10th
    4 Files
  • 11
    Jun 11th
    0 Files
  • 12
    Jun 12th
    0 Files
  • 13
    Jun 13th
    0 Files
  • 14
    Jun 14th
    0 Files
  • 15
    Jun 15th
    0 Files
  • 16
    Jun 16th
    0 Files
  • 17
    Jun 17th
    0 Files
  • 18
    Jun 18th
    0 Files
  • 19
    Jun 19th
    27 Files
  • 20
    Jun 20th
    65 Files
  • 21
    Jun 21st
    10 Files
  • 22
    Jun 22nd
    8 Files
  • 23
    Jun 23rd
    6 Files
  • 24
    Jun 24th
    6 Files
  • 25
    Jun 25th
    0 Files
  • 26
    Jun 26th
    0 Files
  • 27
    Jun 27th
    15 Files
  • 28
    Jun 28th
    0 Files
  • 29
    Jun 29th
    0 Files
  • 30
    Jun 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Hosting By
Rokasec
close