Secunia Research has discovered a vulnerability in My Firewall Plus, which can be exploited by malicious, local users to gain escalated privileges. The vulnerability is caused due to the application windows running with SYSTEM privileges and the application not checking if explorer.exe is running before performing certain actions. This can be exploited to launch iexplore.exe with SYSTEM privileges by terminating explorer.exe and then use the "Test Your Firewall" functionality. Affected is My Firewall Plus version 5.0 Build 1119.
ee159e8046e5a86fbf500118e4328f30c3a6fe4b3df866772f1585f7ae99b181