exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New

Rising Products Local Privilege Escalation

Rising Products Local Privilege Escalation
Posted Oct 27, 2009
Authored by ShineShadow

Multiple Rising products suffers from a local privilege escalation vulnerability. These include, but are not limited to, Rising Antivirus 2009, Rising Internet Security 2009, and Rising Personal Firewall 2009.

tags | advisory, local
SHA-256 | 39c918aba278593ad4defd575cb088df7895aa20e2c5728c83d254c558ecdea8

Rising Products Local Privilege Escalation

Change Mirror Download
ShineShadow Security Report 28102009-13

TITLE

Rising Multiple Products Local Privilege Escalation Vulnerability

BACKGROUND

RISING has introduced a variety of operating system based antivirus software, firewall software and enterprise antivirus wall, firewall, network security warning system and other hardware products. RISING is the third company in the world and the only one in China to provide a full range of information security products and professional services.
RISING is catering to over 60 million personal users and more than 70,000 corporate customers in Asia, Europe and Northern America. RISING technology for the search of unknown computer viruses is recognized and protected by patents in Europe, Japan and the United States of America.

Source: http://www.rising-global.com

VULNERABLE PRODUCTS

Rising Antivirus 2009 (21.62.04)
Rising Internet Security 2009 (21.62.04)
Rising Personal Firewall 2009 (21.62.04)
Prior versions may also be affected.

DETAILS

Rising installs the own program files with insecure permissions (Users: Full Control). Local attacker (unprivileged user) can replace some files (for example, executable files of Rising services) by malicious file and execute arbitrary code with SYSTEM privileges. This is local privilege escalation vulnerability.
For example, in Rising Antivirus 2009 the following attack scenario could be used:
1. An attacker (unprivileged user) replaces one of the Rising Antivirus program files by malicious executable file. For example, the replacing file could be - %Program Files%\Rising\RAV\RavTask.exe (Rising RavTask Manager).
2. Restart the system.
After restart attackers malicious file will be executed with SYSTEM privileges.
Self-defense of the Rising Antivirus will prevent all operations with Rising program files. It can be bypassed using internal shell dialogs in the Rising Antivirus (for example, "Save as" dialog in Tools -> Installer Creation Tool -> Browse).
For other vulnerable Rising products similar attack scenario could be used.

EXPLOITATION

An attacker must have valid logon credentials to a system where vulnerable software is installed.

WORKAROUND

No workarounds

DISCLOSURE TIMELINE

31/08/2009 Initial vendor notification. Secure contacts requested.
31/08/2009 Vendor response
02/09/2009 Vulnerability details sent. Confirmation requested.
03/09/2009 Vendor accepted vulnerability for analysis
14/09/2009 Vendor response: "This issue is not a vulnerability. During program designing, Rising Virus Lab has known Rising program files could be modified by this way. However, few malware attacks Antivirus through the method. And, we have not detected any malware do this until now."
14/09/2009 I informed vendor about the possible attack scenarios. No reply.
17/09/2009 Resend message
17/09/2009 Vendor accepted information for analysis
06/10/2009 Planned disclosure date has been sent to vendor
10/10/2009 Vendor notified me that vulnerability will be fixed only in 2010 edition of the vulnerable products
12/10/2009 Query for the 2010 edition release date
12/10/2009 Vendor response that the release date is unknown
28/10/2009 Advisory released

CREDITS

Maxim A. Kulakov (ShineShadow)
ss_contacts[at]hotmail.com
Login or Register to add favorites

File Archive:

June 2022

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Jun 1st
    19 Files
  • 2
    Jun 2nd
    16 Files
  • 3
    Jun 3rd
    28 Files
  • 4
    Jun 4th
    0 Files
  • 5
    Jun 5th
    0 Files
  • 6
    Jun 6th
    19 Files
  • 7
    Jun 7th
    23 Files
  • 8
    Jun 8th
    11 Files
  • 9
    Jun 9th
    10 Files
  • 10
    Jun 10th
    4 Files
  • 11
    Jun 11th
    0 Files
  • 12
    Jun 12th
    0 Files
  • 13
    Jun 13th
    0 Files
  • 14
    Jun 14th
    0 Files
  • 15
    Jun 15th
    0 Files
  • 16
    Jun 16th
    0 Files
  • 17
    Jun 17th
    0 Files
  • 18
    Jun 18th
    0 Files
  • 19
    Jun 19th
    27 Files
  • 20
    Jun 20th
    65 Files
  • 21
    Jun 21st
    10 Files
  • 22
    Jun 22nd
    8 Files
  • 23
    Jun 23rd
    6 Files
  • 24
    Jun 24th
    6 Files
  • 25
    Jun 25th
    0 Files
  • 26
    Jun 26th
    0 Files
  • 27
    Jun 27th
    15 Files
  • 28
    Jun 28th
    0 Files
  • 29
    Jun 29th
    0 Files
  • 30
    Jun 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Hosting By
Rokasec
close