首页 | 安全文章 | 安全工具 | Exploits | 本站原创 | 关于我们 | 网站地图 | 安全论坛
  当前位置:主页>安全文章>文章资料>Exploits>文章内容
Native Instruments Service Center 2.2.5 Local Privilege Escalation Vulnerability
来源:http://www.zeroscience.mk 作者:LiquidWorm 发布时间:2010-11-22  

 Native Instruments Service Center 2.2.5 Local Privilege Escalation Vulnerability


 Vendor: Native Instruments GmbH
 Product web page: http://www.native-instruments.com
 Affected version: 2.2.5 (R596)

 Summary: The NI Service Center is a service used for Product Activation.

 Desc: The Native Instruments's Service Center suffers from an elevation of
 privileges vulnerability which can be used by a simple user that can change
 the executable file with a binary of choice. The vulnerability exist due to
 the improper permissions, with the "C" flag (Change(write)) for "Everyone",
 for the installed files ServiceCenter.exe and Reloader.exe.

 Tested on: Microsoft Windows XP Professional SP3 (English)


 Vulnerability discovered by: Gjoko 'LiquidWorm' Krstic
 liquidworm gmail com
 Zero Science Lab - http://www.zeroscience.mk


 Advisory ID: ZSL-2010-4981
 Advisory URL: http://www.zeroscience.mk/en/vulnerabilities/ZSL-2010-4981.php

 06.11.2010


 PoC:

----------------------------------------------------------------------------

 C:\Program Files\Native Instruments\Service Center>dir
  Volume in drive C has no label.
  Volume Serial Number is 7C64-FE80

  Directory of C:\Program Files\Native Instruments\Service Center

 07.11.2010  19:52    <DIR>          .
 07.11.2010  19:52    <DIR>          ..
 05.11.2010  17:58    <DIR>          conf
 05.11.2010  17:58    <DIR>          Documentation
 05.11.2010  17:57           738.632 Reloader.exe
 05.11.2010  17:58        10.650.440 ServiceCenter.exe
                2 File(s)     11.389.072 bytes
                4 Dir(s)   9.880.768.512 bytes free

 C:\Program Files\Native Instruments\Service Center>cacls ServiceCenter.exe
 C:\Program Files\Native Instruments\Service Center\ServiceCenter.exe BUILTIN\Administrators:F
                                                                      Everyone:C
                                                                      NT AUTHORITY\SYSTEM:F


 C:\Program Files\Native Instruments\Service Center>cacls Reloader.exe
 C:\Program Files\Native Instruments\Service Center\Reloader.exe BUILTIN\Administrators:F
                                                                 Everyone:C
                                                                 NT AUTHORITY\SYSTEM:F


 C:\Program Files\Native Instruments\Service Center>

----------------------------------------------------------------------------


 
[推荐] [评论(0条)] [返回顶部] [打印本页] [关闭窗口]  
匿名评论
评论内容:(不能超过250字,需审核后才会公布,请自觉遵守互联网相关政策法规。
 §最新评论:
  热点文章
·CVE-2012-0217 Intel sysret exp
·Linux Kernel 2.6.32 Local Root
·Array Networks vxAG / xAPV Pri
·Novell NetIQ Privileged User M
·Array Networks vAPV / vxAG Cod
·Excel SLYK Format Parsing Buff
·PhpInclude.Worm - PHP Scripts
·Apache 2.2.0 - 2.2.11 Remote e
·VideoScript 3.0 <= 4.0.1.50 Of
·Yahoo! Messenger Webcam 8.1 Ac
·Family Connections <= 1.8.2 Re
·Joomla Component EasyBook 1.1
  相关文章
·Native Instruments Traktor Pro
·Native Instruments Massive 1.1
·Native Instruments Kontakt 4 P
·Free CD to MP3 Converter 3.1 B
·Minishare 1.5.5 Buffer Overflo
·FreeNAS exec_raw.php Arbitrary
·Windows Task Scheduler Privile
·Xion Audio Player 1.0.126 Buff
·DATAC RealWin SCADA Server Buf
·Mosets Tree 2.1.6 (Joomla) Tem
·Xion Audio Player 1.0.126 (.m3
·MP3-Nator Buffer Overflow (SEH
  推荐广告
CopyRight © 2002-2022 VFocuS.Net All Rights Reserved