[Full-Disclosure] Secunia Research: Spy Sweeper Enterprise Client Privilege Escalation

From: Carsten H. Eiram (che_at_secunia.com)
Date: 12/21/04

  • Next message: Martin Pitt: "[Full-Disclosure] [USN-44-1] perl information leak"
    To: vuln@secunia.com
    Date: Tue, 21 Dec 2004 13:54:09 +0100
    
    

    ======================================================================

                         Secunia Research 21/12/2004

     - Spy Sweeper Enterprise Client Privilege Escalation Vulnerability -

    ======================================================================
    Table of Contents

    Affected Software....................................................1
    Severity.............................................................2
    Vendor's Description of Software.....................................3
    Description of Vulnerability.........................................4
    Solution.............................................................5
    Time Table...........................................................6
    Credits..............................................................7
    References...........................................................8
    About Secunia........................................................9
    Verification........................................................10

    ======================================================================
    1) Affected Software

    Spy Sweeper Enterprise 1.5.1 (Build 3698)

    NOTE: Other versions may also be affected.

    ======================================================================
    2) Severity

    Rating: Less Critical
    Impact: Privilege Escalation
    Where: Local System

    ======================================================================
    3) Vendor's Description of Software

    Spy Sweeper Enterprise:
    "Webroot Spy Sweeper Enterprise provides comprehensive spyware
    protection for corporations. Using a client / server architecture,
    Spy Sweeper Enterprise proactively detects and removes all forms of
    spyware and malware within the organization".
     
    Product link:
    http://www.webroot.com/products/spysweeper/enterprise/

    ======================================================================
    4) Description of Vulnerability

    Secunia Research has discovered a vulnerability in Spy Sweeper
    Enterprise, which can be exploited by malicious, local users to gain
    escalated privileges.

    The vulnerability is caused due to the Spy Sweeper Enterprise Client
    "SpySweeperTray.exe" process invoking the help functionality with
    SYSTEM privileges.

    This can be exploited to execute arbitrary commands on a system with
    escalated privileges.

    ======================================================================
    5) Solution

    The vendor has issued version 2.0, which fixes the vulnerability.

    ======================================================================
    6) Time Table

    15/11/2004 - Vulnerability discovered.
    15/11/2004 - Vendor notified.
    15/11/2004 - Vendor response.
    19/12/2004 - Vendor issues version 2.0.
    21/12/2004 - Public disclosure.

    ======================================================================
    7) Credits

    Discovered by Carsten Eiram, Secunia Research.

    ======================================================================
    8) References

    The Common Vulnerabilities and Exposures (CVE) project has not
    currently assigned the vulnerability a candidate number.

    ======================================================================
    9) About Secunia

    Secunia collects, validates, assesses, and writes advisories regarding
    all the latest software vulnerabilities disclosed to the public. These
    advisories are gathered in a publicly available database at the
    Secunia website:

    http://secunia.com/

    Secunia offers services to our customers enabling them to receive all
    relevant vulnerability information to their specific system
    configuration.

    Secunia offers a FREE mailing list called Secunia Security Advisories:

    http://secunia.com/secunia_security_advisories/

    ======================================================================
    10) Verification

    Please verify this advisory by visiting the Secunia website:
    http://secunia.com/secunia_research/2004-14/

    Complete list of vulnerability reports published by Secunia Research:
    http://secunia.com/secunia_research/

    ======================================================================

    _______________________________________________
    Full-Disclosure - We believe in it.
    Charter: http://lists.netsys.com/full-disclosure-charter.html


  • Next message: Martin Pitt: "[Full-Disclosure] [USN-44-1] perl information leak"

    Relevant Pages