Local Privilege Escalation in MicroWorld eScan Virus Control and Internet Security Products
CVE-2007-4649

Currently unrated

Key Information:

Vendor

Microworld Technologies

Status
Escan Anti-virus
Escan Virus Control
Escan Internet Security
Vendor
CVE Published:
31 August 2007

What is CVE-2007-4649?

MicroWorld eScan Virus Control and its related products are plagued by a vulnerability arising from weak permissions set to 'Everyone: Full Control' in the installation directory. This misconfiguration permits local users to elevate their privileges by substituting application files, potentially leading to malicious actions. The vulnerability is particularly illustrated by the modification of 'traysser.exe', emphasizing the urgent need to secure installation paths and restrict access rights to prevent unauthorized alterations.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

References

http://securityreason.com/securityalert/3085
third-party-advisoryx_refsource_SREASON
http://www.securityfocus.com/bid/25493
vdb-entryx_refsource_BID
http://secunia.com/advisories/26581
third-party-advisoryx_refsource_SECUNIA

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.