vendor:
NetVault
by:
milw0rm.com
7.2
CVSS
HIGH
Privilege Escalation
N/A
CWE
Product Name: NetVault
Affected Version From: N/A
Affected Version To: N/A
Patch Exists: Yes
Related CWE: N/A
CPE: N/A
Metasploit:
N/A
Other Scripts:
N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References:
N/A
Nuclei Metadata: N/A
Platforms Tested: Windows
2005
UnhideNetVaultServiceWindow.c
This exploit allows an attacker to gain access to the LocalSystem account by exploiting a vulnerability in the BakBone Software NetVault application. The attacker can use the FindWindow() API to locate the C:Program FilesBakBone SoftwareNetVaultbinnvstatsmngr.exe window, and then use the ShowWindow() API to make the window visible. The attacker can then use the What's This? feature to print a help topic, and then use the View Source feature to open Notepad. The attacker can then open cmd.exe from the system32 directory, which will run under the context of the LocalSystem account.
Mitigation:
The vendor has released a patch to address this vulnerability.
