Bugtraq mailing list archives

{PRL} Rising Antivirus 2009 Privilege Escalation
From: Protek Research Lab <protekresearchlab () yahoo ca>
Date: Tue, 27 Oct 2009 08:14:45 -0700 (PDT)

#####################################################################################

Application:  Rising Antivirus 2009
            
Platforms:    Windows XP Professional SP2

Exploitation: Privilege Escalation

Date:         2009-10-26

Author:       Francis Provencher (Protek Research Lab's) 

          
#####################################################################################

1) Introduction
2) Technical details
3) The Code (N/A)


#####################################################################################

===============
1) Introduction
===============
 Rising Antivirus 2009

Protects your computers against all types of viruses, Trojans, Worms, Rootkits and other malicious programs. Ease of 
use, Active Defense technology, Patented Unknown Virus Scan&Clean technology and Patented Smartupdate technology make 
RISING Antivirus ' install-and-forget ' product that lets you focus on what you really want to do.

(from Rising Anti-virus website)


#####################################################################################

============================
2) Technical details 
============================

Rising Antivirus 2009
Build 21.28.32

All files under the install folder grant Full Control to BUILTIN\Users and can be replaced with malicious files.

... snip ...

C:\Program Files\Rising\Rav\RavTask.exe BUILTIN\Utilisateurs:F
                                        BUILTIN\Utilisateurs avec pouvoir:C
                                        BUILTIN\Administrateurs:F
                                        AUTORITE NT\SYSTEM:F
                                        FUZZYXP\francis:F
... snip ...

C:\>WHOAMI.EXE
FUZZYXP\francis

C:\>telnet 127.0.0.1 4444


C:\>WHOAMI.EXE
WHOAMI.EXE
AUTORITE NT\SYSTEM
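
Added example (not part of the original advisory): a PowerShell audit that lists files and folders under an install directory that low-privileged groups can modify, which is the condition shown in the ACL listing above. Groups are matched by well-known SID because the listing comes from a French-language Windows, where BUILTIN\Users appears as BUILTIN\Utilisateurs; the function name Find-LowPrivWritable is hypothetical and chosen for this example.

```powershell
# Added example: find files/folders that low-privileged groups can modify.
# Well-known SIDs are used so the check also works on localized Windows.
$lowPrivSids = @{
    'S-1-1-0'      = 'Everyone'
    'S-1-5-11'     = 'Authenticated Users'
    'S-1-5-32-545' = 'BUILTIN\Users'
    'S-1-5-32-547' = 'BUILTIN\Power Users'
}

# Bits that allow replacing or tampering with a file (read bits excluded).
$writeMask = [int][System.Security.AccessControl.FileSystemRights]'WriteData, AppendData, Delete, ChangePermissions, TakeOwnership'
# GENERIC_WRITE (0x40000000) | GENERIC_ALL (0x10000000) can appear unmapped in ACEs.
$genericMask = 0x50000000

function Find-LowPrivWritable {
    param([Parameter(Mandatory = $true)][string]$Root)

    # Check the root folder itself, then everything below it.
    & {
        Get-Item -LiteralPath $Root -Force -ErrorAction SilentlyContinue
        Get-ChildItem -LiteralPath $Root -Recurse -Force -ErrorAction SilentlyContinue
    } | ForEach-Object {
        $item = $_
        try { $acl = Get-Acl -LiteralPath $item.FullName -ErrorAction Stop }
        catch { return }   # unreadable ACL: skip this item

        foreach ($rule in $acl.Access) {
            if ($rule.AccessControlType -ne 'Allow') { continue }
            try {
                $sid = $rule.IdentityReference.Translate(
                    [System.Security.Principal.SecurityIdentifier]).Value
            } catch { continue }   # orphaned or unresolvable account
            if (-not $lowPrivSids.ContainsKey($sid)) { continue }

            $rights = [int]$rule.FileSystemRights
            if (($rights -band $writeMask) -or ($rights -band $genericMask)) {
                New-Object PSObject -Property @{
                    Path   = $item.FullName
                    Group  = $lowPrivSids[$sid]
                    Rights = $rule.FileSystemRights
                }
            }
        }
    }
}

# Path taken from the ACL listing in the advisory.
Find-LowPrivWritable -Root 'C:\Program Files\Rising\Rav' | Format-Table -AutoSize
```

An empty result means none of the four listed groups holds a write-capable allow entry; deny entries and other accounts are not evaluated.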





#####################################################################################

===========
3) The Code
===========

N/A


#####################################################################################
(PRL-2009-13)



