Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in

Microsoft Source Code Analyzer For SQL Injection 1.3 Improper Permissions

🗓️ 16 Mar 2011 00:00:00Reported by LiquidWormType 
packetstorm
 packetstorm🔗 packetstormsecurity.com👁 25 Views

Microsoft Source Code Analyzer for SQL Injection 1.3 suffers from an elevation of privileges vulnerability due to improper permissions on the executable file and package

Code
`Microsoft Source Code Analyzer for SQL Injection 1.3 Improper Permissions  
  
  
Vendor: Microsoft Corp.  
Product web page: http://www.microsoft.com  
Affected version: 1.3.30601.30705  
  
summary: Microsoft Source Code Analyzer for SQL Injection is a static  
code analysis tool for finding SQL Injection vulnerabilities in ASP code.  
Customers can run the tool on their ASP source code to help identify code  
paths that are vulnerable to SQL Injection attacks.  
  
Desc: The package suffers from an elevation of privileges vulnerability  
which can be used by a simple user that can change the executable file  
with a binary of choice. The vulnerability exist due to the improper  
permissions, with the "C" flag (Change(write)) for the "Everyone" group,  
for the binary file msscasi_asp.exe and the package itself, msscasi_asp_pkg.exe.  
  
Tested on: Microsoft Windows XP Professional SP3 (EN)  
  
Vulnerability discovered by Gjoko 'LiquidWorm' Krstic  
liquidworm gmail com  
  
  
Advisory ID: ZSL-2011-5003  
Advisory URL: http://www.zeroscience.mk/en/vulnerabilities/ZSL-2011-5003.php  
  
  
12.03.2011  
  
  
-------------------------------------------  
  
  
C:\Documents and Settings\User101\Desktop\msaspscan>dir  
Volume in drive C has no label.  
Volume Serial Number is 7C64-FE80  
  
Directory of C:\Documents and Settings\User101\Desktop\msaspscan  
  
12.03.2011 02:27 <DIR> .  
12.03.2011 02:27 <DIR> ..  
12.03.2011 02:27 <DIR> bin  
03.07.2008 15:08 119.422 license.rtf  
09.07.2008 10:43 107.544 microsoft.analysis.aspparser.dll  
06.11.2007 20:24 524 microsoft.vc90.crt.manifest  
09.07.2008 11:51 4.738.072 msscasi_asp.exe  
09.07.2008 13:04 139 msscasi_view.cmd  
06.11.2007 20:23 224.768 msvcm90.dll  
07.11.2007 01:19 568.832 msvcp90.dll  
07.11.2007 01:19 655.872 msvcr90.dll  
08.07.2008 16:31 224.405 readme.html  
12.03.2011 02:27 <DIR> scripts  
9 File(s) 6.639.578 bytes  
4 Dir(s) 16.956.391.424 bytes free  
  
C:\Documents and Settings\User101\Desktop\msaspscan>cacls msscasi_asp.exe  
C:\Documents and Settings\User101\Desktop\msaspscan\msscasi_asp.exe BUILTIN\Administrators:F  
Everyone:C  
LABPC\User101:F  
NT AUTHORITY\SYSTEM:F  
  
  
C:\Documents and Settings\User101\Desktop\msaspscan>  
`

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation

Book a live demo
16 Mar 2011 00:00Current
0.4Low risk
Vulners AI Score0.4
microsoft source code analyzersql injectionelevation of privilegesimproper permissionsvulnerability
25