Home / exploits F-Secure BlackList 2.2.1092 Privilege Escalation
Posted on 16 August 2011
F-Secure BlackLight 2.2.1092 Local Privilege Escalation Vulnerability Vendor: F-Secure Corporation Product web page: http://www.f-secure.com http://www.f-secure.com/en_EMEA-Labs/security-threats/tools/blacklight/ Affected version: 2.2.1092 Summary: F-Secure BlackLight is a tool that detects files, folders and processes hidden from the user and other programs. BlackLight is also able to remove hidden malware by renaming them. Desc: The rootkit eliminator is vulnerable to an elevation of privileges vulnerability which can be used by a simple user that can change the executable file with a binary of choice. The vulnerability exist due to the improper permissions, with the 'C' flag (change/write) for the 'Everyone' group, for the 'fsbl.exe' binary file. Tested on: Microsoft Windows XP Professional SP3 (EN) Vulnerability discovered by Gjoko 'LiquidWorm' Krstic @zeroscience Advisory ID: ZSL-2011-5038 Advisory URL: http://www.zeroscience.mk/en/vulnerabilities/ZSL-2011-5038.php 10.08.2011 -- C:>cacls fsbl.exe C:fsbl.exe BUILTINAdministrators:F Everyone:C LABPCUser4:F NT AUTHORITYSYSTEM:F C:>
