[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Full-disclosure] Vulnerability in Microsoft Security Essentials <v4.2

To: <bugtraq@xxxxxxxxxxxxxxxxx>
Subject: [Full-disclosure] Vulnerability in Microsoft Security Essentials <v4.2
From: "Stefan Kanthak" <stefan.kanthak@xxxxxxxx>
Date: Sat, 4 May 2013 17:42:37 +0200

Hi @ll,

versions of Microsoft Security Essentials before the current
v4.2 (see <https://support.microsoft.com/kb/2805304>) have a
vulnerability that could lead to execution of arbitrary code
in the security context of the LocalSystem account (almost like
<https://support.microsoft.com/kb/2781197> alias
<http://technet.microsoft.com/security/bulletin/ms13-034>).

The "UninstallString" written to

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\Microsoft
 Security Client]
"UninstallString"="C:\\Program Files\\Microsoft Security Client\\Setup.exe /X"

contains unquoted spaces.
This command may be called by Windows Update Agent or deployment
agents running under the LocalSystem account.


Timeline:
~~~~~~~~~

2012-12-05    vendor informed

2013-12-06    vendor acknowledged report

2013-02-13    vendor released fixed version


Stefan Kanthak

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Prev by Date: [Full-disclosure] Trying to send mail to Broadcom
Next by Date: [Full-disclosure] XSS vulnerability in JW Player and JW Player Pro
Previous by thread: Re: [Full-disclosure] Trying to send mail to Broadcom
Next by thread: [Full-disclosure] XSS vulnerability in JW Player and JW Player Pro
Index(es):
- Date
- Thread