mardi, avril 26, 2005

BitDefender Insecure Program Execution Vulnerability

Description:
fRoGGz has reported a vulnerability in BitDefender, which can be exploited by malicious, local users to disable the virus protection or gain escalated privileges.


During installation, the installation process creates entries in the "Run" registry key to automatically run some programs when a user logs in. However, these entries are created insecurely and can be exploited to prevent the virus protection from starting up or execute arbitrary code with the privileges of another user logging in by placing a file with a specially crafted name in the application path.


Successful exploitation requires that the application has been installed in a non-default location with a directory name in the path containing a white space character and that an unprivileged user can create a specially named file in this path.


NOTE: This is not considered an issue in a default install, as only administrative users can create the file "C:\program.exe" on supported and fully updated versions of Windows.


Solution:
The vendor recommends quoting the command line of the created entries in the registry.

 

Google
 
Web eurenet.blogspot.com