Computer Security
[EN] securityvulns.ru no-pyccku


InfoTeCS applications weak permissions
Published:05.06.2013
Source:
SecurityVulns ID:13120
Type:local
Threat Level:
6/10
Description:Weak permissions for installation folder.
Affected:INFOTECS : ViPNet Client 3.2
 INFOTECS : ViPNet Coordinator 3.2
 INFOTECS : ViPNet Personal Firewall 3.1
 INFOTECS : ViPNet SafeDisk 4.1
CVE:CVE-2013-3496 (Infotecs ViPNet Client 3.2.10 (15632) and earlier, ViPNet Coordinator 3.2.10 (15632) and earlier, ViPNet Personal Firewall 3.1 and earlier, and ViPNet SafeDisk 4.1 (0.5643) and earlier use weak permissions (Everyone: Full Control) for a folder under %PROGRAMFILES%\Infotecs, which allows local users to gain privileges via a Trojan horse (1) executable file or (2) DLL file.)
Original documentdocumentchudakovma_(at)_gmail.com, CVE-2013-3496. Local privilege escalation vulnerability in Infotecs products (ViPNet Client\Coordinator, SafeDisk, Personal Firewall) (05.06.2013)

About | Terms of use | Privacy Policy
© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod