source: https://www.securityfocus.com/bid/25493/info
Multiple MicroWorld eScan products are vulnerable to a local privilege-escalation vulnerability because of insecure default file permissions.
Attackers can exploit this issue to execute arbitrary code with SYSTEM-level privileges. Successful attacks will completely compromise affected computers.
The following are vulnerable:
eScan Internet Security 9.0.722.1
eScan Virus Control 9.0.722.1
eScan AntiVirus 9.0.722.1
UPDATE (September 4, 2008): The following additional products have been reported as vulnerable:
eScan Corporate 9.0.x
eScan Professional 9.0.x
eScan Workstation Server 9.0.x
eScan Web and Mail Filter 9.0.x
MailScan for Mail-Server 5.6a
MailScan for SMTP Server 5.6a
X-Spam for SMTP Servers 5.6a
Other versions and software packages may also be affected.
- logon as LUA user
- rename traysser.exe to traysser.exe.BAK
- copy program.exe to eScan installation directory
- rename program.exe to traysser.exe
- restart the computer
- "rootshell" ;)
NOTE: traysser.exe is eScan Server Updater Service that
runs as NT AUTHORITY\SYSTEM.
