====================================================================== Secunia Research 21/12/2004 - Spy Sweeper Enterprise Client Privilege Escalation Vulnerability - ====================================================================== Table of Contents Affected Software....................................................1 Severity.............................................................2 Vendor's Description of Software.....................................3 Description of Vulnerability.........................................4 Solution.............................................................5 Time Table...........................................................6 Credits..............................................................7 References...........................................................8 About Secunia........................................................9 Verification........................................................10 ====================================================================== 1) Affected Software Spy Sweeper Enterprise 1.5.1 (Build 3698) NOTE: Other versions may also be affected. ====================================================================== 2) Severity Rating: Less Critical Impact: Privilege Escalation Where: Local System ====================================================================== 3) Vendor's Description of Software Spy Sweeper Enterprise: "Webroot Spy Sweeper Enterprise provides comprehensive spyware protection for corporations. Using a client / server architecture, Spy Sweeper Enterprise proactively detects and removes all forms of spyware and malware within the organization". Product link: http://www.webroot.com/products/spysweeper/enterprise/ ====================================================================== 4) Description of Vulnerability Secunia Research has discovered a vulnerability in Spy Sweeper Enterprise, which can be exploited by malicious, local users to gain escalated privileges. The vulnerability is caused due to the Spy Sweeper Enterprise Client "SpySweeperTray.exe" process invoking the help functionality with SYSTEM privileges. This can be exploited to execute arbitrary commands on a system with escalated privileges. ====================================================================== 5) Solution The vendor has issued version 2.0, which fixes the vulnerability. ====================================================================== 6) Time Table 15/11/2004 - Vulnerability discovered. 15/11/2004 - Vendor notified. 15/11/2004 - Vendor response. 19/12/2004 - Vendor issues version 2.0. 21/12/2004 - Public disclosure. ====================================================================== 7) Credits Discovered by Carsten Eiram, Secunia Research. ====================================================================== 8) References The Common Vulnerabilities and Exposures (CVE) project has not currently assigned the vulnerability a candidate number. ====================================================================== 9) About Secunia Secunia collects, validates, assesses, and writes advisories regarding all the latest software vulnerabilities disclosed to the public. These advisories are gathered in a publicly available database at the Secunia website: http://secunia.com/ Secunia offers services to our customers enabling them to receive all relevant vulnerability information to their specific system configuration. Secunia offers a FREE mailing list called Secunia Security Advisories: http://secunia.com/secunia_security_advisories/ ====================================================================== 10) Verification Please verify this advisory by visiting the Secunia website: http://secunia.com/secunia_research/2004-14/ Complete list of vulnerability reports published by Secunia Research: http://secunia.com/secunia_research/ ====================================================================== _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html