Secunia Security Advisory - Luka Milkovic has reported some vulnerabilities in SUPERAntiSpyware, which can be exploited by malicious, local users to cause a DoS (Denial of Service) or gain escalated privileges.
5c1d12e732ea088f60d359525fb61ebc40f7c1a4b1b9eb0a3a23d31b8412b01c
----------------------------------------------------------------------
Use WSUS to deploy 3rd party patches
Public BETA
http://secunia.com/vulnerability_scanning/corporate/wsus_3rd_third_party_patching/
----------------------------------------------------------------------
TITLE:
SUPERAntiSpyware Multiple Vulnerabilities
SECUNIA ADVISORY ID:
SA38917
VERIFY ADVISORY:
http://secunia.com/advisories/38917/
DESCRIPTION:
Luka Milkovic has reported some vulnerabilities in SUPERAntiSpyware,
which can be exploited by malicious, local users to cause a DoS
(Denial of Service) or gain escalated privileges.
1) The SASENUM.sys kernel driver passes user-space pointers in calls
to e.g. ZwQueryObject(). This can be exploited to cause a
NULL-pointer dereference and crash an affected system via specially
crafted IOCTLs.
2) A boundary error exists in SASKUTIL.sys when processing user-space
registration requests. This can be exploited to cause a buffer
overflow with process ID values and cause a system crash.
3) An error exists in SASKUTIL.sys when processing
IOCTL_SABKUTIL_ZWOPENPROCESS requests. This can be exploited to
corrupt kernel memory and cause a system crash via invalid parameters
passed to ZwOpenProcess().
4) The SASKUTIL.sys driver passes user-mode parameters to the
ZwQueryValueKey() function. This can be exploited to overwrite
arbitrary memory and potentially gain escalated privileges via a
specially crafted IOCTL_SABKUTIL_QUERY_VALUE request.
5) The SASKUTIL.sys driver provides wrappers against registry and
file functions. This can be exploited to read arbitrary files and
registry keys, and modify arbitrary registry keys via specially
crafted IOCTLs.
6) SASKUTIL.sys allows unrestricted access to the
SetVistaTokenInformation() function. This can be exploited to cause a
crash or gain escalated privileges via a specially crafted
IOCTL_SABKUTIL_SET_VISTA_TOKEN_INFORMATION request.
7) An error in SASKUTIL.sys can be exploited to gain escalated
privileges via a specially crafted
IOCTL_SABKUTIL_SET_VISTA_PRIVILEGES_FOR_CURRENT_PROCESS request.
The vulnerabilities are reported in version 4.33.1000. Other versions
may also be affected.
SOLUTION:
Update to version 4.34.1000, which fixes some of the
vulnerabilities.
Restrict local access to trusted users only.
PROVIDED AND/OR DISCOVERED BY:
Luka Milkovic
ORIGINAL ADVISORY:
http://archives.neohapsis.com/archives/fulldisclosure/2010-03/0195.html
----------------------------------------------------------------------
About:
This Advisory was delivered by Secunia as a free service to help
private users keeping their systems up to date against the latest
vulnerabilities.
Subscribe:
http://secunia.com/advisories/secunia_security_advisories/
Definitions: (Criticality, Where etc.)
http://secunia.com/advisories/about_secunia_advisories/
Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.
----------------------------------------------------------------------