![]() ![]() A local attacker or compromised process is able to replace the original application binary with a malicious application which will be executed by a victim user or after a ScsiAccess service restart. Insecure file permissions on the executable file "scsiaccess.exe", which is used by the application service "ScsiAccess" under the SYSTEM account, may allow a less privileged user to gain access to SYSTEM privileges. VULNERABILITY DESCRIPTION - A local privilege escalation vulnerability has been identified in Photodex ProShow Producer v5. 0.3310, older versions may be affected too. VERSIONS AFFECTED - Photodex ProShow Producer v5. CREDITS - This vulnerability was discovered and researched by Julien Ahrens from Inshell Security. ADVISORY INFORMATION - Product : Photodex ProShow Producer Vendor URL : com Type : Incorrect Default Permissions Date found : 2013 - 03 - 18 Date published : 2013 - 03 - 19 CVSSv2 Score : 7, 2 ( AV : L / AC : L / Au : N / C : C / I : C / A : C ) CVE : - 2. ![]() # Exploit-DB Note: Vuln still in as well as 'Photodex ProShow Gold' Inshell Security Advisory http : // net 1. ![]()
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |