QuickHeal AntiVirus 2010 - Local Privilege Escalation

EDB-ID:

10475

CVE:





Platform:

Windows

Date:

2009-12-16


#####################################################################################

Application:  QuickHeal antivirus 2010 Local Privilege Escalation
            
Platforms:    Windows Vista SP2

Exploitation: Local Privilege Escalation

Date:         2009-12-16

Author:       Francis Provencher (Protek Research Lab's) 

          
#####################################################################################

1) Introduction
2) Technical details
3) The Code (N/A)


#####################################################################################

===============
1) Introduction
===============
QuickHeal antivirus 2010

Quick Heal AntiVirus 2010, with its intuitive and easy-to-use interface, provides hassle-free protection for your system. Once 

installed it acts as a shield against viruses, worms, trojans, spywares and other malicious threats. It also provides protection 

against new and unknown viruses using Quick Heal's renowned DNAScan technology, and blocks malicious websites. Quick Heal AntiVirus 

2010 is very low on resource usage and gives enhanced protection without slowing down your computer.

(from QuickHeal Anti-virus website)


#####################################################################################

============================
2) Technical details 
============================

QuickHeal antivirus 2010
Build 11.00 (4.0.0.1)

All files under the install folder have Full control for BUILTIN\users and can be replace with malicious files.

.... snip ...


C:\Program Files\Quick Heal\Quick Heal AntiVirus\SCANWSCS.EXE Everyone:(ID)F


.... snip ...



#####################################################################################

===========
3) The Code
===========

N\A


#####################################################################################
(PRL-2009-25)