QuickHeal antivirus 2010 Local Privilege Escalation

2009-12-16T00:00:00
ID 1337DAY-ID-8195
Type zdt
Reporter Francis Provencher
Modified 2009-12-16T00:00:00

Description

Exploit for unknown platform in category local exploits

                                        
                                            ===================================================
QuickHeal antivirus 2010 Local Privilege Escalation
===================================================


# Title: QuickHeal antivirus 2010 Local Privilege Escalation
# CVE-ID: ()
# OSVDB-ID: ()
# Author: Francis Provencher
# Published: 2009-12-16
# Verified: yes

view source
print?
#####################################################################################
 
Application:  QuickHeal antivirus 2010 Local Privilege Escalation
             
Platforms:    Windows Vista SP2
 
Exploitation: Local Privilege Escalation
 
Date:         2009-12-16
 
Author:       Francis Provencher (Protek Research Lab's)
 
           
#####################################################################################
 
1) Introduction
2) Technical details
3) The Code (N/A)
 
 
#####################################################################################
 
===============
1) Introduction
===============
QuickHeal antivirus 2010
 
Quick Heal AntiVirus 2010, with its intuitive and easy-to-use interface, provides hassle-free protection for your system. Once
 
installed it acts as a shield against viruses, worms, trojans, spywares and other malicious threats. It also provides protection
 
against new and unknown viruses using Quick Heal's renowned DNAScan technology, and blocks malicious websites. Quick Heal AntiVirus
 
2010 is very low on resource usage and gives enhanced protection without slowing down your computer.
 
(from QuickHeal Anti-virus website)
 
 
#####################################################################################
 
============================
2) Technical details
============================
 
QuickHeal antivirus 2010
Build 11.00 (4.0.0.1)
 
All files under the install folder have Full control for BUILTIN\users and can be replace with malicious files.
 
.... snip ...
 
 
C:\Program Files\Quick Heal\Quick Heal AntiVirus\SCANWSCS.EXE Everyone:(ID)F
 
 
.... snip ...
 
 
 
#####################################################################################
 
===========
3) The Code
===========
 
N\A
 
 



#  0day.today [2018-01-01]  #