Vulners
Lucene search
Reason Core Security 1.1.2 Privilege Escalation
`=====================================================
[#] Exploit Title : Reason Core Security - Unquoted Service Path Privilege Escalation
[#] Affected Product(s): Reason Core Security v1.1.2 - Software
[#] Exploitation Technique: Local
[#] Severity Level: Medium
[#] Tested OS : Windows 10
=====================================================
[#] Product & Service Introduction:
===================================
Reason Core Security is an anti-malware program designed by developers HerdProtect.
This program is intended for use with your existing antivirus software and acts as a second layer of defense in the event that the malware slips past the real-time protection of your antivirus program.
(Copy of the Vendor Homepage: https://www.reasoncoresecurity.com/ )
[#] Technical Details & Description:
====================================
The application suffers from an unquoted search path issue in the official Reason Core Security v1.1.2 software. The issue allows authorized
but unprivileged local users to execute arbitrary code with system privileges on the active system. The attack vector of the issue is local.
[#] Proof of Concept (PoC):
===========================
The issue can be exploited by local attackers with restricted system user account or network access and without user interaction.
For security demonstration or to reproduce the vulnerability follow the provided information and steps below to continue.
-- PoC Exploit --
C:\Program Files\Reason\Security>sc qc rsEngineSvc
[SC] QueryServiceConfig reussite(s)
SERVICE_NAME: rsEngineSvc
TYPE : 10 WIN32_OWN_PROCESS
START_TYPE : 2 AUTO_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : "C:\Program Files\Reason\Security\rsEngineSvc.exe"
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : Reason Core Security Engine Service
DEPENDENCIES :
SERVICE_START_NAME : LocalSystem
[#] Vulnerability Disclosure Timeline:
======================================
2016-11-07 : Discovery of the Vulnerability
2016-11-07 : Contact the Vendor (No Response Support Team)
2016-11-14 : Public Disclosure
[#] Disclaimer:
===============
Permission is hereby granted for the redistribution of this advisory, provided that it is not altered except by reformatting it, and that due credit is given. Permission is explicitly given for insertion in vulnerability databases and similar, provided that due credit is given to the author.
The author is not responsible for any misuse of the information contained herein and prohibits any malicious use of all security related information or exploits by the author or elsewhere.
Domain: www.zwx.fr
Contact: [email protected]
Social: twitter.com/XSSed.fr
Feeds: www.zwx.fr/feed/
Advisory: www.vulnerability-lab.com/show.php?user=ZwX
packetstormsecurity.com/files/author/12026/
cxsecurity.com/search/author/DESC/AND/FIND/0/10/ZwX/
0day.today/author/27461
Copyright (c) 2016 | ZwX - Security Researcher (Software & web application)
`
Data
Build on a solid foundation with Vulners data
We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data
Api
Power your application with Vulners API
The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access
App
Assess and manage vulnerabilities with Vulners tools
Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation
14 Nov 2016 00:00Current
0.4Low risk
Vulners AI Score0.4