Information disclosure

2007-08-3123:17:00

PRIOn knowledge base

www.prio-n.com

7.2 High

AI Score

Confidence

Low

0.0004 Low

EPSS

Percentile

0.4%

JSON

MicroWorld eScan Virus Control 9.0.722.1, Anti-Virus 9.0.722.1, and Internet Security 9.0.722.1 use weak permissions (Everyone:Full Control) for their installation directory trees, which allows local users to gain privileges by replacing application files, as demonstrated by traysser.exe.

CPENameOperatorVersion
escan_anti-viruseq9.0.722.1
escan_internet_securityeq9.0.722.1
escan_virus_controleq9.0.722.1

Name	Operator	Version
escan_anti-virus	eq	9.0.722.1
escan_internet_security	eq	9.0.722.1
escan_virus_control	eq	9.0.722.1

References

lists.grok.org.uk/pipermail/full-disclosure/2007-August/065509.html

secunia.com/advisories/26581

securityreason.com/securityalert/3085

www.securityfocus.com/bid/25493

exchange.xforce.ibmcloud.com/vulnerabilities/36367