#Title: Sysax FTP Automation Server Local Privilege Escalation #Author: Craig Freyman (@cd1zz) #OS Tested: XP SP3 32bit #Version Tested: 5.33 #Date Discovered: October 1, 2012 #Vendor Contacted: October 21, 2012 #Vendor Response: November 1, 2012 #Demo: http://www.pwnag3.com/2012/11/sysax-ftp-automation-server-privilege.html Sysax FTP Automation <= 5.33 has a privilege escalation vulnerability. This can be exploited by leveraging the Scheduled Script -> Scheduled Task functionality. The scheduled task function allows you to run any external program/execuable you want, without specifying credentials. By default, this product installs under the LOCALSYSTEM service so when the binary is executed, it runs under that context. Sysax fixed this problem in version 5.34.
Related ExploitsTrying to match OSVDBs (1): 87137
Trying to match setup file: 628167e79bf89408b980f04628be2983
Other Possible E-DB Search Terms: Sysax FTP Automation Server 5.33, Sysax FTP Automation Server