Local Privilege Escalation in MicroWorld eScan Virus Control and Internet Security Products
CVE-2007-4649
Currently unrated
What is CVE-2007-4649?
MicroWorld eScan Virus Control and its related products set weak permissions ('Everyone: Full Control') on the installation directory. This misconfiguration lets local users elevate their privileges by substituting application files, potentially leading to malicious actions. The vulnerability is demonstrated by the modification of 'traysser.exe', and it underlines the urgent need to secure installation paths and restrict access rights so that application files cannot be altered without authorization.