CVE-2009-2564

high

Description

NOS Microsystems getPlus Download Manager, as used in Adobe Reader 1.6.2.36 and possibly other versions, Corel getPlus Download Manager before 1.5.0.48, and possibly other products, installs NOS\bin\getPlus_HelperSvc.exe with insecure permissions (Everyone:Full Control), which allows local users to gain SYSTEM privileges by replacing getPlus_HelperSvc.exe with a Trojan horse program, as demonstrated by use of getPlus Download Manager within Adobe Reader. NOTE: within Adobe Reader, the scope of this issue is limited because the program is deleted and the associated service is not automatically launched after a successful installation and reboot.

References

http://blogs.adobe.com/psirt/2009/07/local_privilege_escalation_in.html

http://retrogod.altervista.org/9sg_adobe_local.html

http://secunia.com/advisories/35930

http://secunia.com/advisories/36331

http://securitytracker.com/id?1023007

http://www.adobe.com/support/security/bulletins/apsb09-15.html

http://www.exploit-db.com/exploits/9199

http://www.securityfocus.com/archive/1/505095/100/0/threaded

http://www.securityfocus.com/bid/35740

http://www.us-cert.gov/cas/techalerts/TA09-286B.html

http://www.vupen.com/english/advisories/2009/1969

http://www.vupen.com/english/advisories/2009/2898

https://exchange.xforce.ibmcloud.com/vulnerabilities/54383

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5719

Details

Source: MITRE

Published: 2009-07-21

Updated: 2018-10-10

Type: CWE-264

Risk Information

CVSS v2

Base Score: 7.2

Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C

Impact Score: 10

Exploitability Score: 3.9

Severity: HIGH

Tenable Plugins

| ID | Name | Product | Family | Severity |
|---|---|---|---|---|
| 51709 | SuSE 10 Security Update : acroread_ja (ZYPP Patch Number 6585) | Nessus | SuSE Local Security Checks | high |
| 51708 | SuSE 10 Security Update : acroread_ja (ZYPP Patch Number 6584) | Nessus | SuSE Local Security Checks | high |
| 51694 | SuSE 10 Security Update : Acrobat Reader (ZYPP Patch Number 6583) | Nessus | SuSE Local Security Checks | high |
| 51693 | SuSE 10 Security Update : Acrobat Reader (ZYPP Patch Number 6582) | Nessus | SuSE Local Security Checks | high |
| 42318 | openSUSE 10 Security Update : acroread (acroread-6588) | Nessus | SuSE Local Security Checks | high |
| 42251 | SuSE 11 Security Update : acroread_ja (SAT Patch Number 1424) | Nessus | SuSE Local Security Checks | high |
| 42250 | SuSE 11 Security Update : Acrobat Reader (SAT Patch Number 1425) | Nessus | SuSE Local Security Checks | high |
| 42247 | openSUSE Security Update : acroread (acroread-1426) | Nessus | SuSE Local Security Checks | high |
| 42244 | openSUSE Security Update : acroread (acroread-1426) | Nessus | SuSE Local Security Checks | high |
| 42120 | Adobe Reader < 9.2 / 8.1.7 / 7.1.4 Multiple Vulnerabilities (APSB09-15) | Nessus | Windows | high |