Netlux Antivirus 1.0.1.8 Session Manager Service Privilege Escalation

`  
Netlux Antivirus 1.0.1.8 Session Manager Service Privilege Escalation  
  
  
Vendor: Netlux Systems Private Limited.  
Product web page: http://www.netluxantivirus.com  
Affected version: 1.0.1.8 and 1.0.1.4  
  
Summary: Netlux Antivirus is an award-winning product that provides  
comprehensive protection against all types of viruses,trojans,malwares  
and spywares, secures your data, protects your privacy and ensures  
your PC remains virus-free.  
  
Desc: The Netlux Antivirus suffers from an unquoted search path issue  
impacting the Session Manager Service 'NXSessSvc' service for Windows  
deployed as part of Netlux Antivirus package. This could potentially  
allow an authorized but non-privileged local user to execute arbitrary  
code with elevated privileges on the system. A successful attempt would  
require the local user to be able to insert their code in the system  
root path undetected by the OS or other security applications where it  
could potentially be executed during application startup or reboot. If  
successful, the local user’s code would execute with the elevated  
privileges of the application.  
  
Tested on: Microsoft Windows Ultimate SP1 (EN)  
  
  
Vulnerability discovered by Gjoko 'LiquidWorm' Krstic  
@zeroscience  
  
  
Advisory ID: ZSL-2015-5245  
Advisory URL: http://www.zeroscience.mk/en/vulnerabilities/ZSL-2015-5245.php  
  
  
01.06.2015  
  
---  
  
  
C:\Users\User>sc qc NXSessSvc  
[SC] QueryServiceConfig SUCCESS  
  
SERVICE_NAME: NXSessSvc  
TYPE : 10 WIN32_OWN_PROCESS  
START_TYPE : 2 AUTO_START  
ERROR_CONTROL : 1 NORMAL  
BINARY_PATH_NAME : C:\Program Files (x86)\Netlux\NetluxAntivirus\NXSRV.exe  
LOAD_ORDER_GROUP :  
TAG : 0  
DISPLAY_NAME : Netlux Session Manager Service  
DEPENDENCIES :  
SERVICE_START_NAME : LocalSystem  
  
C:\Users\User>  
`