CVE-2007-4649
Severity:
Pending analysis
Type:
CWE-264
Permissions, Privileges, and Access Control
Publication date:
31/08/2007
Last modified:
29/07/2017
Description
MicroWorld eScan Virus Control 9.0.722.1, Anti-Virus 9.0.722.1, and Internet Security 9.0.722.1 use weak permissions (Everyone:Full Control) for their installation directory trees, which allows local users to gain privileges by replacing application files, as demonstrated by traysser.exe.
Impact
Base Score 2.0
7.20
Severity 2.0
HIGH
Vulnerable products and versions
CPE | From | Up to |
---|---|---|
cpe:2.3:a:microworld_technologies:escan_anti-virus:9.0.722.1:*:*:*:*:*:*:* | ||
cpe:2.3:a:microworld_technologies:escan_internet_security:9.0.722.1:*:*:*:*:*:*:* | ||
cpe:2.3:a:microworld_technologies:escan_virus_control:9.0.722.1:*:*:*:*:*:*:* |
To consult the complete list of CPE names with products and versions, see this page