BID:22424

X-Kryptor Secure Client Privilege Escalation Vulnerability

Info

X-Kryptor Secure Client Privilege Escalation Vulnerability

Bugtraq ID:	22424
Class:	Design Error
CVE:	CVE-2007-0436
Remote:	No
Local:	Yes
Published:	Feb 06 2007 12:00AM
Updated:	Mar 13 2008 01:41AM
Credit:	The NCC Group PLC reported this vulnerability.
Vulnerable:	X-Kryptor Xgntr BMS1351 X-Kryptor X-Kryptor Driver BMS1446HRR X-Kryptor Install BMS1472

Not Vulnerable:

Discussion

X-Kryptor Secure Client Privilege Escalation Vulnerability

X-Kryptor Secure Client is is prone to a local privilege-escalation vulnerability.

A local attacker may execute arbitrary code with SYSTEM privileges to completely compromise a vulnerable computer.

Exploit / POC

X-Kryptor Secure Client Privilege Escalation Vulnerability

Currently we are not aware of any exploits for this issue. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].

Solution / Fix

X-Kryptor Secure Client Privilege Escalation Vulnerability

Solution:
The vendor has released a fix for this issue; please see the reference section for details.

X-Kryptor X-Kryptor Driver BMS1446HRR

X-Kryptor xkpatch462660.zip
http://www.bemacpromotions.com/files/xkpatch462660.zip

X-Kryptor Install BMS1472

X-Kryptor xkpatch462660.zip
http://www.bemacpromotions.com/files/xkpatch462660.zip

X-Kryptor Xgntr BMS1351

X-Kryptor xkpatch462660.zip
http://www.bemacpromotions.com/files/xkpatch462660.zip

References

X-Kryptor Secure Client Privilege Escalation Vulnerability

References:

NISCC Advisory 462660/NISCC/XKRYPTOR (X-Kryptor )
Vendor Homepage (X-Kryptor)
JVN#NISCC-462660 (JVN)