#####################################################################################

Application:  Rising Firewall 2009
            
Platforms:    Windows XP Professional SP2

Exploitation: Privilege Escalation

Date:         2009-10-26

Author:       Francis Provencher (Protek Research Lab's) 

          
#####################################################################################

1) Introduction
2) Technical details
3) The Code (N/A)


#####################################################################################

===============
1) Introduction
===============

Rising Firewall 2009

RISING Firewall is a customizable personal information security product designed to protect your computer from attacks while online.

(from Rising Firewall website)


#####################################################################################

============================
2) Technical details 
============================

Rising Firewall 2009 
Build 21.55.12

All files under the install folder have Full control access for BUILTIN\users and can be replace with malicious files.

... snip ....


C:\Program Files\Rising\RFW\CCenter.exe BUILTIN\Utilisateurs:F
                                        BUILTIN\Utilisateurs avec pouvoir:C
                                        BUILTIN\Administrateurs:F
                                        AUTORITE NT\SYSTEM:F
                                        FUZZYXP\francis:F
... snip ...

C:\>WHOAMI.EXE
FUZZYXP\test

C:\>telnet 127.0.0.1 4444


C:\>WHOAMI.EXE
WHOAMI.EXE
AUTORITE NT\SYSTEM





#####################################################################################

===========
3) The Code
===========

N\A


#####################################################################################
(PRL-2009-14)





      __________________________________________________________________
Get a sneak peak at messages with a handy reading pane with All new Yahoo! Mail: http://ca.promos.yahoo.com/newmail/overview2/