| VID |
28143 |
| Severity |
30 |
| Port |
139,445 |
| Protocol |
TCP |
| Class |
SMB |
| Detailed Description |
The Visnetic AntiVirus Plug-in for MailServer, according to its version number, has a local privilege escalation vulnerability. VisNetic AntiVirus Plug-in for MailServer version 4.6.1.1 and earlier versions could allow a local user to gain elevated privileges. This flaw is due to a design error where the application (DKAVUpSch.exe) does not drop its privileges before invoking other programs. A local attacker could exploit this vulnerability to execute arbitrary programs and commands with SYSTEM privileges.
* Note: This check requires an account with Guest or upper privileges which can access the registry of the remote host to scan. Absence of these condition will result in the check not being performed and a False Negative for all vulnerable hosts.
* References:
http://secunia.com/secunia_research/2005-65/advisory/
http://secunia.com/advisories/16583/
http://www.frsirt.com/english/advisories/2006/0701
* Platforms Affected:
Deerfield, VisNetic AntiVirus Plug-in version 4.6.1.1 and earlier versions
Microsoft Windows Any version |
| Recommendation |
Upgrade to the latest version of VisNetic AntiVirus Plug-in for VisNetic MailServer (4.6.1.2 or later), available from the VisNetic AntiVirus Web site at http://www.deerfield.com/products/visnetic-mailserver/antivirus/ |
| Related URL |
CVE-2006-0812 (CVE) |
| Related URL |
16788 (SecurityFocus) |
| Related URL |
24928 (ISS) |
|
