#####################################################################################

Application:   Rising Antivirus 2009
Platforms:     Windows XP Professional SP2
Exploitation:  Privilege Escalation
Date:          2009-10-26
Author:        Francis Provencher (Protek Research Lab's)

#####################################################################################

1) Introduction
2) Technical details
3) The Code (N/A)

#####################################################################################

===============
1) Introduction
===============

Rising Antivirus 2009 Protects your computers against all types of viruses,
Trojans, Worms, Rootkits and other malicious programs. Ease of use, Active
Defense technology, Patented Unknown Virus Scan&Clean technology and Patented
Smartupdate technology make RISING Antivirus 'install-and-forget' product that
lets you focus on what you really want to do.

(from Rising Anti-virus website)

#####################################################################################

====================
2) Technical details
====================

Rising Antivirus 2009 Build 21.28.32

All files under the install folder grant Full control to BUILTIN\users and can
be replaced with malicious files.

... snip ...

C:\Program Files\Rising\Rav\RavTask.exe BUILTIN\Utilisateurs:F
                                        BUILTIN\Utilisateurs avec pouvoir:C
                                        BUILTIN\Administrateurs:F
                                        AUTORITE NT\SYSTEM:F
                                        FUZZYXP\francis:F

... snip ...

C:\>WHOAMI.EXE
FUZZYXP\francis

C:\>telnet 127.0.0.1 4444

C:\>WHOAMI.EXE
WHOAMI.EXE
AUTORITE NT\SYSTEM

#####################################################################################

===========
3) The Code
===========

N/A

#####################################################################################

(PRL-2009-13)
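
Added example (not part of the original advisory): a Python audit script that parses cacls output like the listing in section 2 and reports every ACE granting Write, Change or Full control to a principal outside a trusted set. The TRUSTED set and the function names are assumptions, and every principal is assumed to appear in DOMAIN\name form as in the advisory's listing.

```python
import re

# Matches one cacls ACE at the end of a line, e.g. "BUILTIN\Users:(OI)(CI)F".
# Domains containing a space are listed explicitly (English and French names).
ACE_RE = re.compile(
    r"(?P<who>(?:AUTORITE NT|NT AUTHORITY|[^\\\s:]+)\\[^\\:]+)"
    r":(?:\([A-Z]+\))*(?P<perm>[NRWCF])\s*$"
)
# Assumption: only these principals are expected to hold write access.
TRUSTED = {
    r"builtin\administrators", r"builtin\administrateurs",
    r"nt authority\system", r"autorite nt\system",
}
WRITABLE = {"W", "C", "F"}  # Write, Change, Full control


def parse_cacls(text):
    """Yield (path, principal, perm) for each ACE in cacls output."""
    path = None
    for line in text.splitlines():
        m = ACE_RE.search(line)
        if not m:
            continue  # "... snip ..." markers, blank lines, etc.
        prefix = line[:m.start()].strip()
        if prefix:  # text before the ACE is the path of a new file entry
            path = prefix
        yield path, m.group("who"), m.group("perm")


def writable_by_untrusted(text):
    """Return ACEs that let a principal outside TRUSTED modify the file."""
    return [
        (path, who, perm)
        for path, who, perm in parse_cacls(text)
        if perm in WRITABLE and who.lower() not in TRUSTED
    ]


# Sample input: the cacls listing quoted in section 2 of the advisory.
SAMPLE = r"""
C:\Program Files\Rising\Rav\RavTask.exe BUILTIN\Utilisateurs:F
                                        BUILTIN\Utilisateurs avec pouvoir:C
                                        BUILTIN\Administrateurs:F
                                        AUTORITE NT\SYSTEM:F
                                        FUZZYXP\francis:F
"""

if __name__ == "__main__":
    for path, who, perm in writable_by_untrusted(SAMPLE):
        print(f"{path}: {who} has {perm}")
```
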