Privilege escalation exploit that makes use of a stack-based buffer overflow in the eTrust Antivirus Agent r8.
f33a1cab9a63b6dd8ca4be43b61dc9d69bef382cb4c183b7b8205e313760ff5ciDefense Security Advisory 05.09.07 - Local exploitation of a buffer overflow vulnerability in Computer Associates International Inc.'s (CA) eTrust Antivirus allows attackers to execute arbitrary code with SYSTEM privileges. The Task Service component of eTrust Antivirus, InoTask.exe, is used to schedule and execute tasks such as scanning the system for virii. The service uses a shared file mapping to share information about scheduled tasks. The file mapping has a NULL security descriptor, which allows any user to modify its contents. By modifying a string inside of this mapping an attacker can trigger a stack based overflow in the InoTask process. iDefense confirmed that CA eTrust Antivirus r8 on Windows is vulnerable.
23745af47fac9dfdd602231dff89be840467e8837cb44af4d3af559b2314a15f
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed