Vulnerability Details CVE-2007-4649
MicroWorld eScan Virus Control 9.0.722.1, Anti-Virus 9.0.722.1, and Internet Security 9.0.722.1 use weak permissions (Everyone:Full Control) for their installation directory trees, which allows local users to gain privileges by replacing application files, as demonstrated by traysser.exe.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.001
EPSS Ranking 28.7%
CVSS Severity
CVSS v2 Score 7.2
References
- http://lists.grok.org.uk/pipermail/full-disclosure/2007-August/065509.html
- http://secunia.com/advisories/26581
- http://securityreason.com/securityalert/3085
- http://www.securityfocus.com/bid/25493
- https://exchange.xforce.ibmcloud.com/vulnerabilities/36367
- http://lists.grok.org.uk/pipermail/full-disclosure/2007-August/065509.html
- http://secunia.com/advisories/26581
- http://securityreason.com/securityalert/3085
- http://www.securityfocus.com/bid/25493
- https://exchange.xforce.ibmcloud.com/vulnerabilities/36367
Products affected by CVE-2007-4649
-
cpe:2.3:a:microworld_technologies:escan_anti-virus:9.0.722.1
-
cpe:2.3:a:microworld_technologies:escan_internet_security:9.0.722.1
-
cpe:2.3:a:microworld_technologies:escan_virus_control:9.0.722.1