CVE Vulnerability

CVE-2007-4649

MicroWorld eScan Virus Control 9.0.722.1, Anti-Virus 9.0.722.1, and Internet Security 9.0.722.1 use weak permissions (Everyone:Full Control) for their installation directory trees, which allows local users to gain privileges by replacing application files, as demonstrated by traysser.exe.

7.2 /10

CVSS v2.0 :

V3 Legend

Vector :

Exploitability : 3.9 / Impact : 10

Attack Vector

Attack Complexity

Privileges Required

User Interaction

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact COMPLETE

Scope

References
Link Resource
http://lists.grok.org.uk/pipermail/full-disclosure/2007-August/065509.html Exploit
http://www.securityfocus.com/bid/25493 Exploit
http://secunia.com/advisories/26581 Vendor Advisory
http://securityreason.com/securityalert/3085
https://exchange.xforce.ibmcloud.com/vulnerabilities/36367
Configurations

Configuration 1

cpe:2.3:a:microworld_technologies:escan_anti-virus:9.0.722.1:*:*:*:*:*:*:*
cpe:2.3:a:microworld_technologies:escan_virus_control:9.0.722.1:*:*:*:*:*:*:*
cpe:2.3:a:microworld_technologies:escan_internet_security:9.0.722.1:*:*:*:*:*:*:*
Information

Published : 2007-08-31 11:17

Updated : 2017-07-29 01:33

NVD link : CVE-2007-4649

Mitre link : CVE-2007-4649

Products Affected
No products.
CWE
CWE-264