NOD32 nod32.exe Scheduled Scan Local Privilege Escalation

2006-04-05T08:47:37
ID OSVDB:24394
Type osvdb
Reporter Tan Chew Keong()
Modified 2006-04-05T08:47:37

Description

Vulnerability Description

NOD32 contains a flaw that may allow a malicious user to gain access to unauthorized privileges. The issue is triggered due to the NOD32 GUI (nod32.exe) running with SYSTEM privileges when a scheduled on-demand scan is run by the scheduler. This can be exploited to invoke cmd.exe with SYSTEM privileges when a scheduled scan is running. This flaw may lead to a loss of integrity.

Solution Description

Upgrade to version 2.51.26 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

Short Description

NOD32 contains a flaw that may allow a malicious user to gain access to unauthorized privileges. The issue is triggered due to the NOD32 GUI (nod32.exe) running with SYSTEM privileges when a scheduled on-demand scan is run by the scheduler. This can be exploited to invoke cmd.exe with SYSTEM privileges when a scheduled scan is running. This flaw may lead to a loss of integrity.

References:

Vendor URL: http://www.eset.com/ Secunia Advisory ID:19054 Related OSVDB ID: 24393 Other Advisory URL: http://secunia.com/secunia_research/2006-17/advisory/ FrSIRT Advisory: ADV-2006-1242 CVE-2006-0951