|
Feeds -
Exploits
|
|
Written by alex ntinternals org
|
|
Monday, 06 April 2009 23:12 |
Multiple ISecSoft Products Multiple IOCTL Request Local Privilege Escalation Vulnerabilities
-\\Bugtraq ID:
32202
-\\Class:
Input Validation Error
-\\CVE:
-\\Remote:
No
-\\Local:
Yes
-\\Published:
Nov 07 2008 12:00AM
-\\Updated:
Apr 06 2009 09:06PM
-\\Credit:
alex ntinternals org
-\\Vulnerable:
ISecSoft Anti-Trojan Elite 4.2.1
ISecSoft Anti-Keylogger Elite 3.3
-\\Discussion
ISecSoft Anti-Trojan Elite and Anti-Keylogger Elite are prone to multiple local
privilege-escalation vulnerabilities.
An attacker can exploit these issues to execute arbitrary code with elevated
privileges, which may facilitate a complete compromise of the affected computer.
The following applications are vulnerable:
Anti-Trojan Elite 4.2.1 and earlier
Anti-Keylogger Elite 3.3.0 and earlier
-\\Exploit(s)/PoC(s):
Core Security Technologies has developed a working commercial exploit for its
CORE IMPACT product. This exploit is not otherwise publicly available or known
to be circulating in the wild.
The following exploits are available:
============================
http://www.securityfocus.com/data/vulnerabilities/exploits/akeprotect_exp.zip
http://www.securityfocus.com/data/vulnerabilities/exploits/atepmon_dos.zip
-\\Solution
Currently we are not aware of any vendor-supplied patches. If you feel we are
in error or if you are aware of more recent information, please mail us at:
This e-mail address is being protected from spambots. You need JavaScript enabled to view it
.
-\\References(s)
--Anti-Trojan Elite and Anti-Keylogger Elite Privilege Escalation Vulnerabilities
http://www.ntinternals.org/ntiadv0802/ntiadv0802.htm (alex ntinternals org)
--Vendor Homepage
http://www.remove-trojan.com/index.ph (ISecSoft)
|
