Vulnerability Details CVE-2007-4649
MicroWorld eScan Virus Control 9.0.722.1, Anti-Virus 9.0.722.1, and Internet Security 9.0.722.1 use weak permissions (Everyone:Full Control) for their installation directory trees, which allows local users to gain privileges by replacing application files, as demonstrated by traysser.exe.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.003
EPSS Ranking 55.7%
CVSS Severity
CVSS v2 Score 7.2
References
- http://lists.grok.org.uk/pipermail/full-disclosure/2007-August/065509.html
- http://secunia.com/advisories/26581
- http://securityreason.com/securityalert/3085
- http://www.securityfocus.com/bid/25493
- https://exchange.xforce.ibmcloud.com/vulnerabilities/36367
- http://lists.grok.org.uk/pipermail/full-disclosure/2007-August/065509.html
- http://secunia.com/advisories/26581
- http://securityreason.com/securityalert/3085
- http://www.securityfocus.com/bid/25493
- https://exchange.xforce.ibmcloud.com/vulnerabilities/36367
Products affected by CVE-2007-4649
-
cpe:2.3:a:microworld_technologies:escan_anti-virus:9.0.722.1
-
cpe:2.3:a:microworld_technologies:escan_internet_security:9.0.722.1
-
cpe:2.3:a:microworld_technologies:escan_virus_control:9.0.722.1