EScan Product Agent Service MWAGENT.EXE Security Bypass Vulnerability
BID:23759
Info
EScan Product Agent Service MWAGENT.EXE Security Bypass Vulnerability
| Bugtraq ID: | 23759 |
| Class: | Design Error |
| CVE: |
CVE-2007-0655 |
| Remote: | Yes |
| Local: | Yes |
| Published: | May 02 2007 12:00AM |
| Updated: | May 02 2007 12:00AM |
| Credit: | Carsten Eiram of Secunia Research is credited with the discovery of this vulnerability. |
| Vulnerable: |
MicroWorld Technologies eScan 9.0.714.1 MicroWorld Technologies eScan 8.0.671.1 |
| Not Vulnerable: | |
Discussion
EScan Product Agent Service MWAGENT.EXE Security Bypass Vulnerability
eScan is prone to a security-bypass vulnerability..
An attacker can exploit this issue to gain access to sensitive information and modify certain configurations in the affected application via arbitrary commands. An attacker with local access to the affected computer can exploit this issue to execute arbitrary commands with SYSTEM-level privileges. A successful local exploit of this issue would result in the complete compromise of affected computers.
This issue affects eScan 8.0.671.1 and 9.0.714.1; other versions may also be affected.
eScan is prone to a security-bypass vulnerability..
An attacker can exploit this issue to gain access to sensitive information and modify certain configurations in the affected application via arbitrary commands. An attacker with local access to the affected computer can exploit this issue to execute arbitrary commands with SYSTEM-level privileges. A successful local exploit of this issue would result in the complete compromise of affected computers.
This issue affects eScan 8.0.671.1 and 9.0.714.1; other versions may also be affected.
Exploit / POC
EScan Product Agent Service MWAGENT.EXE Security Bypass Vulnerability
An attacker can exploit this issue by using standard network utilities.
An attacker can exploit this issue by using standard network utilities.
Solution / Fix
EScan Product Agent Service MWAGENT.EXE Security Bypass Vulnerability
Solution:
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or if you are aware of more recent information, please mail us at: mailto:[email protected].
Solution:
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or if you are aware of more recent information, please mail us at: mailto:[email protected].
References
EScan Product Agent Service MWAGENT.EXE Security Bypass Vulnerability
References:
References:
- eScan Homepage (MicroWorld Technologies)
- eScan Products Agent Service Missing User Authentication (Secunia Research )