
risingav-escalate.txt

Posted on 27 October 2009
Source: packetstormsecurity.org

 

#####################################################################################

Application: Rising Antivirus 2009

Platforms: Windows XP Professional SP2

Exploitation: Privilege Escalation

Date: 2009-10-26

Author: Francis Provencher (Protek Research Lab's)


#####################################################################################

1) Introduction
2) Technical details
3) The Code (N/A)

#####################################################################################

===============
1) Introduction
===============
Rising Antivirus 2009

Protects your computers against all types of viruses, Trojans, Worms, Rootkits and other malicious programs. Ease of use, Active Defense technology, Patented Unknown Virus Scan&Clean technology and Patented Smartupdate technology make RISING Antivirus ' install-and-forget ' product that lets you focus on what you really want to do.

(from Rising Anti-virus website)

#####################################################################################

============================
2) Technical details
============================

Rising Antivirus 2009
Build 21.28.32

All files under the install folder grant Full Control to BUILTIN\Users and can be replaced with malicious files.

... snip ...

C:\Program Files\Rising\Rav\RavTask.exe BUILTIN\Utilisateurs:F
BUILTIN\Utilisateurs avec pouvoir:C
BUILTIN\Administrateurs:F
AUTORITE NT\SYSTEM:F
FUZZYXP\francis:F
... snip ...

C:\>WHOAMI.EXE
FUZZYXP\francis

C:\>telnet 127.0.0.1 4444

C:\>WHOAMI.EXE
WHOAMI.EXE
AUTORITE NT\SYSTEM
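
A defensive check for the condition shown above, added here as an example and not part of the original advisory: it flags allow ACEs that let broad non-administrative groups replace a file. It generalizes from the cacls listing to SDDL strings (for instance from PowerShell's `(Get-Acl <path>).Sddl`), because group names are localized, as in the French output above, while SDDL aliases and SIDs are not. The function names and the sample SDDL strings are constructed for illustration.

```python
import re

# SDDL rights tokens -> access-mask bits (file-relevant subset of the SDDL grammar).
RIGHTS = {"GA": 0x10000000, "GX": 0x20000000, "GW": 0x40000000, "GR": 0x80000000,
          "FA": 0x1F01FF, "FR": 0x120089, "FW": 0x120116, "FX": 0x1200A0,
          "SD": 0x10000, "RC": 0x20000, "WD": 0x40000, "WO": 0x80000,
          "CC": 0x1, "DC": 0x2, "LC": 0x4, "SW": 0x8, "RP": 0x10,
          "WP": 0x20, "DT": 0x40, "LO": 0x80, "CR": 0x100}
# Write data, append, DELETE, WRITE_DAC, WRITE_OWNER, GENERIC_ALL, GENERIC_WRITE.
REPLACE_MASK = 0x2 | 0x4 | 0x10000 | 0x40000 | 0x80000 | 0x10000000 | 0x40000000
# Broad non-administrative principals, by SDDL alias and by raw SID.
UNPRIVILEGED = {"BU": "Users", "S-1-5-32-545": "Users",
                "PU": "Power Users", "S-1-5-32-547": "Power Users",
                "WD": "Everyone", "S-1-1-0": "Everyone",
                "AU": "Authenticated Users", "S-1-5-11": "Authenticated Users"}

def tokens(field):
    """Split a flags or rights field into its two-letter SDDL tokens."""
    return [field[i:i + 2] for i in range(0, len(field), 2)]

def rights_mask(field):
    """Turn an ACE rights field (hex mask or token string) into an integer mask."""
    if field.lower().startswith("0x"):
        return int(field, 16)
    mask = 0
    for tok in tokens(field):
        mask |= RIGHTS[tok]  # KeyError on an unknown token: never drop rights silently
    return mask

def risky_aces(sddl):
    """List (principal, mask) for allow ACEs that let broad groups replace the object."""
    findings = []
    for ace in re.findall(r"\(([^()]*)\)", sddl):
        fields = ace.split(";")
        if len(fields) < 6 or fields[0] != "A":
            continue  # plain allow ACEs only; deny, audit and conditional ACEs are skipped
        if "IO" in tokens(fields[1]):
            continue  # inherit-only: applies to children, not to this object
        mask = rights_mask(fields[2])
        if fields[5] in UNPRIVILEGED and mask & REPLACE_MASK:
            findings.append((UNPRIVILEGED[fields[5]], mask))
    return findings

# Constructed samples. WEAK mirrors the listing: Users:F, Power Users:C, Admins:F, SYSTEM:F.
WEAK = "O:BAG:SYD:(A;;FA;;;BU)(A;;0x1301bf;;;PU)(A;;FA;;;BA)(A;;FA;;;SY)"
HARDENED = "O:BAG:SYD:PAI(A;;FA;;;BA)(A;;FA;;;SY)(A;;0x1200a9;;;BU)"

if __name__ == "__main__":
    print(risky_aces(WEAK), risky_aces(HARDENED))
```

Deny ACEs are not evaluated, so a finding means "an allow ACE grants this", which is the condition to fix by resetting the install folder to read and execute for non-administrators.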

#####################################################################################

===========
3) The Code
===========

NA

#####################################################################################
(PRL-2009-13)

 
