Outpost Firewall Pro Open Folder Local Privilege Escalation

2006-07-18T05:19:01
ID OSVDB:27349
Type osvdb
Reporter Ben Goulding()
Modified 2006-07-18T05:19:01

Description

Vulnerability Description

Outpost Firewall Pro contains a flaw that may allow a malicious user to gain access to unauthorized privileges. The issue is due to application windows running with SYSTEM privileges. This flaw can be exploited to launch explorer.exe with SYSTEM privileges by using the "open folder" option in the "Shared Components" windows.

Solution Description

Currently, there are no known upgrades, patches, or workarounds available to correct this issue.

Short Description

Outpost Firewall Pro contains a flaw that may allow a malicious user to gain access to unauthorized privileges. The issue is due to application windows running with SYSTEM privileges. This flaw can be exploited to launch explorer.exe with SYSTEM privileges by using the "open folder" option in the "Shared Components" windows.

References:

Vendor URL: http://www.agnitum.com/products/outpost/index.php Secunia Advisory ID:21089 Other Advisory URL: http://www.ben.goulding.com.au/secad.html Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2006-07/0317.html Mail List Post: http://archives.neohapsis.com/archives/fulldisclosure/2006-07/0480.html Mail List Post: http://archives.neohapsis.com/archives/fulldisclosure/2006-07/0490.html ISS X-Force ID: 27848 FrSIRT Advisory: ADV-2006-2852 CVE-2006-3697 Bugtraq ID: 19024