Motorola Scanner SDK CoreScanner.exe Privilege Escalation Vulnerability

2015-02-10T00:00:00
ID ZDI-15-035
Type zdi
Reporter kernelsmith - Zero Day Initiative
Modified 2015-06-22T00:00:00

Description

This vulnerability allows local attackers to execute arbitrary code with elevated privileges on vulnerable installations of Motorola Scanner SDK. Authentication is not required to exploit this vulnerability. The specific flaw exists within the file permissions (ACLs) on an installed directory. CoreScanner.exe is vulnerable to tampering by all users. A local attacker can leverage this vulnerability to raise privileges and execute code under the context of SYSTEM.