← voltar
CVE-2016-20061

sheed AntiVirus 2.3 Unquoted Service Path Privilege Escalation

CVSS 8.5 HIGHEPSS 0.1%CWE-428
sheed AntiVirus 2.3 contains an unquoted service path vulnerability in the ShavProt service that allows local attackers to escalate privileges by exploiting the service binary path. Attackers can insert a malicious executable in the unquoted path and trigger service restart or system reboot to execute code with LocalSystem privileges.
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
Produtos afetados
Sheedantivirus · sheed AntiVirus

Quer saber se a sua infraestrutura está exposta a isto?

Falar com a TrueHacking →
Referências
http://dl.sheedantivirus.ir/setup.exehttp://sheedantivirus.ir/https://www.exploit-db.com/exploits/40497https://www.vulncheck.com/advisories/sheed-antivirus-unquoted-service-path-privilege-escalation