Unquoted Windows Search Path Vulnerability in Microsoft Antispyware
CVE-2005-2940

Currently unrated

Key Information:

Vendor: Microsoft
Status: Antispyware
Vendor: CVE Published:; 18 November 2005

Summary

The unquoted Windows search path vulnerability in Microsoft Antispyware 1.0.509 (Beta 1) poses a significant risk, as it enables local users to gain elevated privileges through a maliciously crafted file named 'program.exe' placed in the C: directory. This vulnerability affects several executable components within the software, including GIANTAntiSpywareMain.exe, gcASNotice.exe, gcasServ.exe, gcasSWUpdater.exe, and GIANTAntiSpywareUpdater.exe, potentially allowing unauthorized access and manipulation of system resources.

References

http://www.securityfocus.com/bid/15448

vdb-entryx_refsource_BID

http://www.idefense.com/application/poi/display?id=340&ty...

third-party-advisoryx_refsource_IDEFENSE

http://securitytracker.com/id?1015226

vdb-entryx_refsource_SECTRACK

Timeline

Vulnerability published
Nov 18, 2005
Vulnerability Reserved
Sep 15, 2005