source: http://www.securityfocus.com/bid/25493/info Multiple MicroWorld eScan products are vulnerable to a local privilege-escalation vulnerability because of insecure default file permissions. Attackers can exploit this issue to execute arbitrary code with SYSTEM-level privileges. Successful attacks will completely compromise affected computers. The following are vulnerable: eScan Internet Security 9.0.722.1 eScan Virus Control 9.0.722.1 eScan AntiVirus 9.0.722.1 UPDATE (September 4, 2008): The following additional products have been reported as vulnerable: eScan Corporate 9.0.x eScan Professional 9.0.x eScan Workstation Server 9.0.x eScan Web and Mail Filter 9.0.x MailScan for Mail-Server 5.6a MailScan for SMTP Server 5.6a X-Spam for SMTP Servers 5.6a Other versions and software packages may also be affected. - logon as LUA user - rename traysser.exe to traysser.exe.BAK - copy program.exe to eScan installation directory - rename program.exe to traysser.exe - restart the computer - "rootshell" ;) NOTE: traysser.exe is eScan Server Updater Service that runs as NT AUTHORITY\SYSTEM.
Related ExploitsTrying to match CVEs (1): CVE-2007-4649
Trying to match OSVDBs (1): 40144
Other Possible E-DB Search Terms: Multiple Microworld eScan Products