Lucene search
Osanda MalithPACKETSTORM:128868HistoryOct 28, 2014 - 12:00 a.m.
ESTsoft ALUpdate 8.5.1.0.0 Privilege Escalation
2014-10-2800:00:00
Osanda Malith
packetstormsecurity.com
19
EPSS
0
Percentile
5.1%
`# Title: ESTsoft ALUpdate Privilege Escalation Vulnerablity
# Version: 8.5.1.0.0
# Tested on: Windows XP SP2 en
# Vendor: http://www.altools.com/
# E-Mail: osanda[at]unseen.is
# Author: Osanda Malith Jayathissa
# /!\ Author is not responsible for any damage you cause
# Use this material for educational purposes only
# CVE: CVE-2014-8494
- Description
==============
The "ALUpdate" folder and the "ALUpdate.exe" has been granted with full permissions
to the "Users" group. Any user other than the administrator could plant malware or
bind malware to the original EXE file. This is valid to any software you download
from the vendor.
- Proof of Concept
===================
C:\Program Files\ESTsoft>cacls ALUpdate
C:\Program Files\ESTsoft\ALUpdate BUILTIN\Users:(OI)(CI)F
NT SERVICE\TrustedInstaller:(ID)F
NT SERVICE\TrustedInstaller:(CI)(IO)(ID)F
NT AUTHORITY\SYSTEM:(ID)F
NT AUTHORITY\SYSTEM:(OI)(CI)(IO)(ID)F
BUILTIN\Administrators:(ID)F
BUILTIN\Administrators:(OI)(CI)(IO)(ID)F
BUILTIN\Users:(ID)R
BUILTIN\Users:(OI)(CI)(IO)(ID)(special access:)
GENERIC_READ
GENERIC_EXECUTE
CREATOR OWNER:(OI)(CI)(IO)(ID)F
C:\Program Files\ESTsoft>cd ALUpdate
C:\Program Files\ESTsoft\ALUpdate>cacls ALUpdate.exe
C:\Program Files\ESTsoft\ALUpdate\ALUpdate.exe BUILTIN\Users:(ID)F
NT AUTHORITY\SYSTEM:(ID)F
BUILTIN\Administrators:(ID)F
`
Related
cve
cve
CVE-2014-8494
2014-11-03 16:55:08
prion
prion
Design/Logic Flaw
2014-11-03 16:55:00
nvd
nvd
CVE-2014-8494
2014-11-03 16:55:08
cvelist
cvelist
CVE-2014-8494
2014-11-03 16:00:00