[Forgot Password]
Login  Register Subscribe

30479

 
 

423868

 
 

248149

 
 

909

 
 

194803

 
 

282

 
Paid content will be excluded from the download.


Download | Alert*
CVE
view JSON

CVE-2009-2564Date: (C)2009-07-21   (M)2023-12-22


NOS Microsystems getPlus Download Manager, as used in Adobe Reader 1.6.2.36 and possibly other versions, Corel getPlus Download Manager before 1.5.0.48, and possibly other products, installs NOSingetPlus_HelperSvc.exe with insecure permissions (Everyone:Full Control), which allows local users to gain SYSTEM privileges by replacing getPlus_HelperSvc.exe with a Trojan horse program, as demonstrated by use of getPlus Download Manager within Adobe Reader. NOTE: within Adobe Reader, the scope of this issue is limited because the program is deleted and the associated service is not automatically launched after a successful installation and reboot.

CVSS Score and Metrics +CVSS Score and Metrics -

CVSS V2 Severity:
CVSS Score : 7.2
Exploit Score: 3.9
Impact Score: 10.0
 
CVSS V2 Metrics:
Access Vector: LOCAL
Access Complexity: LOW
Authentication: NONE
Confidentiality: COMPLETE
Integrity: COMPLETE
Availability: COMPLETE
  
Reference:
SECTRACK-1023007
http://www.securityfocus.com/archive/1/505095/100/0/threaded
BID-35740
SECUNIA-35930
SECUNIA-36331
EXPLOIT-DB-9199
ADV-2009-1969
ADV-2009-2898
TA09-286B
getplus-nos-insecure-permissions(54383)
http://blogs.adobe.com/psirt/2009/07/local_privilege_escalation_in.html
http://retrogod.altervista.org/9sg_adobe_local.html
http://www.adobe.com/support/security/bulletins/apsb09-15.html
oval:org.mitre.oval:def:5719

CPE    2
cpe:/a:adobe:acrobat_reader:9.1
cpe:/a:adobe:acrobat_reader:9.0
CWE    1
CWE-264
OVAL    4
oval:org.secpod.oval:def:18654
oval:org.secpod.oval:def:400086
oval:org.secpod.oval:def:18679
oval:org.mitre.oval:def:5719
...

© SecPod Technologies