Home / exploitsPDF  

ESTsoft ALUpdate 8.5.1.0.0 Privilege Escalation

Posted on 29 October 2014

# Title: ESTsoft ALUpdate Privilege Escalation Vulnerablity # Version: 8.5.1.0.0 # Tested on: Windows XP SP2 en # Vendor: http://www.altools.com/ # E-Mail: osanda[at]unseen.is # Author: Osanda Malith Jayathissa # /! Author is not responsible for any damage you cause # Use this material for educational purposes only # CVE: CVE-2014-8494 - Description ============== The "ALUpdate" folder and the "ALUpdate.exe" has been granted with full permissions to the "Users" group. Any user other than the administrator could plant malware or bind malware to the original EXE file. This is valid to any software you download from the vendor. - Proof of Concept =================== C:Program FilesESTsoft>cacls ALUpdate C:Program FilesESTsoftALUpdate BUILTINUsers:(OI)(CI)F NT SERVICETrustedInstaller:(ID)F NT SERVICETrustedInstaller:(CI)(IO)(ID)F NT AUTHORITYSYSTEM:(ID)F NT AUTHORITYSYSTEM:(OI)(CI)(IO)(ID)F BUILTINAdministrators:(ID)F BUILTINAdministrators:(OI)(CI)(IO)(ID)F BUILTINUsers:(ID)R BUILTINUsers:(OI)(CI)(IO)(ID)(special access:) GENERIC_READ GENERIC_EXECUTE CREATOR OWNER:(OI)(CI)(IO)(ID)F C:Program FilesESTsoft>cd ALUpdate C:Program FilesESTsoftALUpdate>cacls ALUpdate.exe C:Program FilesESTsoftALUpdateALUpdate.exe BUILTINUsers:(ID)F NT AUTHORITYSYSTEM:(ID)F BUILTINAdministrators:(ID)F

 

TOP