AntiVir Personal Edition notepad.exe privilege escalation

antivir-notepad-privilege-escalation (25244). The risk level is classified as High Risk.

Description:

AntiVir PersonalEdition Classic could allow a local attacker to gain elevated access on the system. The 'file update' function displays a status report, and the program used to display it, notepad.exe, inherits the rights of the completed process. A local attacker could use this notepad.exe instance to execute arbitrary files with SYSTEM privileges.


Consequences:

Gain Privileges

Remedy:

Upgrade to the latest version of AntiVir Personal Edition, available from the AntiVir Personal Edition Web site. See References.

References:

  • AntiVir Web site: AntiVir PersonalEdition Classic. (This site is in German.)
  • Full-Disclosure Mailing List, Sat Mar 11 2006 - 07:30:13 CST: AntiVir PersonalEdition Classic: Local Privilige Escalation.
  • BID-17071: Free-AV AntiVir Personal Edition Classic Local Privilege Escalation Vulnerability
  • CVE-2006-1274: Classic Planer in AntiVir PersonalEdition Classic 7 does not drop privileges before executing external programs, which allows local users to gain privileges via notepad.exe, which is used to display scan reports.
  • OSVDB ID: 23843: AntiVir PersonalEdition Update Report Local Privilege Escalation
  • SA19217: AntiVir PersonalEdition Update Report Privilege Escalation
  • VUPEN/ADV-2006-0948: AntiVir PersonalEdition Update Report Privilege Escalation Vulnerability

Platforms Affected:

  • Avira AntiVir 7.0 build139 PersonalEdition Classic
  • FreeBSD FreeBSD

Reported:

Mar 11, 2006

The information within this database may change without notice. Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. In no event shall the author/distributor (IBM Internet Security Systems X-Force) be held liable for any damages whatsoever arising out of or in connection with the use or spread of this information.

For corrections or additions please email xforce@iss.net