Vulnerability Description
MicroWorld eScan Virus Control 9.0.722.1, Anti-Virus 9.0.722.1, and Internet Security 9.0.722.1 use weak permissions (Everyone:Full Control) for their installation directory trees, which allows local users to gain privileges by replacing application files, as demonstrated by traysser.exe.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Microworld Technologies | Escan Anti-Virus | 9.0.722.1 |
| Microworld Technologies | Escan Internet Security | 9.0.722.1 |
| Microworld Technologies | Escan Virus Control | 9.0.722.1 |
Related Weaknesses (CWE)
References
- http://lists.grok.org.uk/pipermail/full-disclosure/2007-August/065509.htmlExploit
- http://secunia.com/advisories/26581Vendor Advisory
- http://securityreason.com/securityalert/3085
- http://www.securityfocus.com/bid/25493Exploit
- https://exchange.xforce.ibmcloud.com/vulnerabilities/36367
- http://lists.grok.org.uk/pipermail/full-disclosure/2007-August/065509.htmlExploit
- http://secunia.com/advisories/26581Vendor Advisory
- http://securityreason.com/securityalert/3085
- http://www.securityfocus.com/bid/25493Exploit
- https://exchange.xforce.ibmcloud.com/vulnerabilities/36367
FAQ
What is CVE-2007-4649?
CVE-2007-4649 is a vulnerability with a CVSS score of 7.2 (HIGH). MicroWorld eScan Virus Control 9.0.722.1, Anti-Virus 9.0.722.1, and Internet Security 9.0.722.1 use weak permissions (Everyone:Full Control) for their installation directory trees, which allows local ...
How severe is CVE-2007-4649?
CVE-2007-4649 has been rated HIGH with a CVSS base score of 7.2/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2007-4649?
Check the references section above for vendor advisories and patch information. Affected products include: Microworld Technologies Escan Anti-Virus, Microworld Technologies Escan Internet Security, Microworld Technologies Escan Virus Control.