SUPERAntiSpyware Professional X Trial versions prior to 10.0.1206 suffer from a local privilege escalation vulnerability.
e338d1a038c462ffe3d9181e3b9e8eb1c580efd207a6480e628ceddc80e9935b# Exploit Title: SUPERAntiSpyware Professional X Trial < 10.0.1206 Local Privilege Escalation
# Date: 2020-08-28
# Exploit Author: b1nary
# Vendor Homepage: https://www.superantispyware.com/
# Software Link: https://www.superantispyware.com/downloadfile.html?productid=SUPERANTISPYWARE
# Version: 10.0.1206 (lower versions are affected as well)
# Vulnerability Description
SUPERAntiSpyware Professional X Trial versions prior to 10.0.1206 are vulnerable to local privilege escalation because it allows unprivileged users to restore quarantined files to a privileged location through a NTFS directory junction.
# Proof of Concept
1. Place a dll payload in an empty folder
2. Scan the payload with the SUPERAntiSpyware Professional X Trial in order to get it detected.
3. Once it is detected and moved to quarantine, create a NTFS directory junction.
4. Restore the payload and reboot the system.
Full PoC video: https://www.youtube.com/watch?v=jdcqbev-H5I
# References
https://bogner.sh/2017/11/avgater-getting-local-admin-by-abusing-the-anti-virus-quarantine/
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed