Allock 3GP PSP MP4 Ipod Video Converter - Insecure File Permissions

Exploitalert metadata (as listed on the page):

CVE:               N/A
Category:          CWE-732 (Incorrect Permission Assignment for Critical Resource)
Price:             Unknown
Severity:          Unknown
Author:            Unknown
Risk:              Unknown
Exploitation Type: Remote (the advisory text below classifies exploitation as Local, and the CVSS vector is AV:L)
Date:              2018-08-10
CVSS:              CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
                   (local attack vector, low attack complexity, attack requirements present,
                   low privileges required, no user interaction; high confidentiality,
                   integrity and availability impact on the vulnerable system, none on
                   subsequent systems)
EPSS:              0.02192 (score), 0.50148 (percentile)

Our sensors found this exploit at: https://cxsecurity.com/ascii/WLB-2018080078

Below is a copy:

Allock 3GP PSP MP4 Ipod Video Converter - Insecure File Permissions
=====================================================
[#] Exploit Title : Allock 3GP PSP MP4 Ipod Video Converter - Insecure File Permissions
[#] Date Discovered : 2018-08-09
[#] Affected Product(s): Allock 3GP PSP MP4 Ipod Video Converter v6.2.1217 (Windows software)
[#] Exploitation Technique: Local
[#] Severity Level: Low
[#] Tested OS : Windows 7
=====================================================


[#] Product & Service Introduction:
===================================
Allok 3GP PSP MP4 iPod Video Converter bundles Video to 3GP Converter, Video to PSP Converter, Video to PS3 Converter, Video to MP4 Converter, Video to iPod Converter,
Video to Zune Converter and Video to Xbox Converter. It is an AVI/3GP/MP4 file converter for portable media players (MP4 players), iPod, Apple TV, PSP, PS3, Zune,
Xbox 360, Archos, cellular phones, Pocket PC, Palm etc. Its integrated MPEG-4/H.264 encoder delivers high video quality with fast conversion speed.

(Copy of the Vendor Homepage: http://www.alloksoft.com/ )


[#] Technical Details & Description:
====================================
An insecure file permissions vulnerability has been discovered in the official Allock 3GP PSP MP4 Ipod Video Converter v6.2.1217 software.

The vulnerability exists because the installer leaves insecure default permissions on the executables in the installation directory:
'Allock 3GP PSP MP4 Ipod Video Converter.exe', 'avep.exe' and 'unins000.exe' (the uninstaller) all grant Everyone Full Control.
A local attacker with any user account on the machine can therefore overwrite any of these files with a malicious executable.
The advisory attributes the resulting execution to LocalSystem. What the permissions themselves guarantee is that the replaced binary
runs with the privileges of whichever account launches it next, so the escalation is realised when an administrator (or an elevated
uninstall) runs the planted file. The (I) flag in the PoC output marks the entries as inherited, which indicates that the permissive
entry is set on the installation directory itself rather than on the individual files.


Proof of Concept (PoC):
=======================
Allock 3GP PSP MP4 Ipod Video Converter for Windows contains a vulnerability that could allow a local attacker to gain elevated privileges.


-- PoC Session Logs (Permissions) --
C:\Program Files\Allock 3GP PSP MP4 Ipod Video Converter>icacls *.exe
Allock 3GP PSP MP4 Ipod Video Converter.exe Tout le monde:(I)(F)      <- Everyone: Full Control, inherited
                                  AUTORITE NT\Système:(I)(F)
                                  BUILTIN\Administrateurs:(I)(F)
                                  BUILTIN\Utilisateurs:(I)(RX)

avep.exe Tout le monde:(I)(F)      <- Everyone: Full Control, inherited
         AUTORITE NT\Système:(I)(F)
         BUILTIN\Administrateurs:(I)(F)
         BUILTIN\Utilisateurs:(I)(RX)

unins000.exe Tout le monde:(I)(F)      <- Everyone: Full Control, inherited
             AUTORITE NT\Système:(I)(F)
             BUILTIN\Administrateurs:(I)(F)
             BUILTIN\Utilisateurs:(I)(RX)

3 fichiers correctement traités; échec du traitement de 0 fichiers

(Output from a French-locale Windows 7. Tout le monde = Everyone, AUTORITE NT\Système = NT AUTHORITY\SYSTEM,
BUILTIN\Administrateurs = BUILTIN\Administrators, BUILTIN\Utilisateurs = BUILTIN\Users; the last line reads
"Successfully processed 3 files; Failed processing 0 files". In the flags, (I) = inherited entry, (F) = Full Control,
(RX) = Read and Execute. Only the Everyone entry is a finding: SYSTEM and Administrators are expected to hold Full Control,
and Users holding Read and Execute only is the correct default for a Program Files binary.)


Solution - Fix & Patch:
=======================
Correct the installer so that the installation directory and its executables keep the default Program Files permissions:
Full Control for SYSTEM and Administrators, Read and Execute only for Users, and no Full Control entry for Everyone.
Until a fixed build is available, an administrator can reset the permissions on the three executables
('Allock 3GP PSP MP4 Ipod Video Converter.exe', 'avep.exe' and 'unins000.exe') and on the directory they inherit from.
Integrity checks of the program files at startup and at runtime, as the original advisory suggests, are only a secondary measure:
the code that performs the check lives in the same writable directory and can be replaced along with the binaries it checks.
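As an added example that is not part of the advisory and not the vendor's code, the following Python script parses the kind of icacls output shown in the PoC above, flags every executable on which Everyone, Authenticated Users or Users hold write-class rights, and prints the icacls command that applies the permission fix described in this section. The PoC log is embedded as constructed sample input with its accents restored, next to a constructed English-locale listing of a correctly permissioned file; the table of localized principal names, the set of rights treated as write-class, and the exact remediation command are assumptions to verify on the target system.

```python
"""Audit icacls output for executables that low-privileged users can modify.
Added example for this advisory, not the advisory author's or vendor's code;
the localized principal-name table below is an assumption to verify."""
import re
from dataclasses import dataclass

EVERYONE, AUTHENTICATED_USERS, SYSTEM = "S-1-1-0", "S-1-5-11", "S-1-5-18"
ADMINISTRATORS, USERS = "S-1-5-32-544", "S-1-5-32-545"
PRINCIPALS = {  # lower-cased display name -> well-known SID; French as in the PoC
    "everyone": EVERYONE, "tout le monde": EVERYONE,
    "nt authority\\authenticated users": AUTHENTICATED_USERS,
    "autorite nt\\utilisateurs authentifiés": AUTHENTICATED_USERS,
    "nt authority\\system": SYSTEM, "autorite nt\\système": SYSTEM,
    "builtin\\administrators": ADMINISTRATORS, "builtin\\administrateurs": ADMINISTRATORS,
    "builtin\\users": USERS, "builtin\\utilisateurs": USERS,
}
LOW_PRIV = {EVERYONE, AUTHENTICATED_USERS, USERS}
# Simple (F, M, W) and specific rights that let a caller change or replace a file.
WRITE_RIGHTS = {"F", "M", "W", "GA", "GW", "WD", "AD", "WA", "WEA", "DC", "WDAC", "WO", "D"}
INHERIT_FLAGS = {"I", "OI", "CI", "IO", "NP"}
# Each ACE line ends in "<principal>:(flag)(flag)..."; a file's first line also carries its name.
ACE_RE = re.compile(r"^(?P<prefix>.+?):(?P<flags>(?:\([^()]*\))+)$")

SAMPLE = r"""
C:\Program Files\Allock 3GP PSP MP4 Ipod Video Converter>icacls *.exe
Allock 3GP PSP MP4 Ipod Video Converter.exe Tout le monde:(I)(F)      <- permissions
                                  AUTORITE NT\Système:(I)(F)
                                  BUILTIN\Administrateurs:(I)(F)
                                  BUILTIN\Utilisateurs:(I)(RX)
avep.exe Tout le monde:(I)(F)      <- permissions
         AUTORITE NT\Système:(I)(F)
         BUILTIN\Administrateurs:(I)(F)
         BUILTIN\Utilisateurs:(I)(RX)
unins000.exe Tout le monde:(I)(F)      <- permissions
             AUTORITE NT\Système:(I)(F)
             BUILTIN\Administrateurs:(I)(F)
             BUILTIN\Utilisateurs:(I)(RX)
3 fichiers correctement traités; échec du traitement de 0 fichiers
"""  # constructed sample: the advisory's PoC log with accents restored
SAMPLE_OK = r"""
good.exe NT AUTHORITY\SYSTEM:(I)(F)
         BUILTIN\Administrators:(I)(F)
         BUILTIN\Users:(I)(RX)
Successfully processed 1 files; Failed processing 0 files
"""  # constructed English-locale output for a correctly permissioned binary

@dataclass
class Ace:
    principal: str   # display name as printed
    sid: str         # well-known SID, or the display name if not in the table
    inherited: bool  # (I): entry inherited from the parent directory
    deny: bool       # (DENY) entries grant nothing
    rights: set

def _split_prefix(prefix):
    """Split 'file name principal' into (file, principal)."""
    low = prefix.lower()
    for name in sorted(PRINCIPALS, key=len, reverse=True):
        if low.endswith(name) and len(prefix) > len(name):
            return prefix[:-len(name)].rstrip(), prefix[-len(name):]
    return prefix.rpartition(" ")[::2]  # unknown principal: assume it has no spaces

def parse_icacls(text):
    """Return {file: [Ace, ...]}; prompt, summary and blank lines are ignored."""
    acls, current = {}, None
    for raw in text.splitlines():
        m = ACE_RE.match(re.sub(r"\s*<-.*$", "", raw).strip())  # drop "<- ..." notes
        if not m:
            continue
        if raw[:1].isspace():           # indented: further ACE of the current file
            file, who = current, m["prefix"]
        else:
            file, who = _split_prefix(m["prefix"])
            current = file
        flags = [t for g in re.findall(r"\(([^()]*)\)", m["flags"]) for t in g.split(",")]
        acls.setdefault(file, []).append(Ace(
            who, PRINCIPALS.get(who.lower(), who), "I" in flags, "DENY" in flags,
            {t for t in flags if t not in INHERIT_FLAGS and t != "DENY"}))
    return acls

def audit(text):
    """Files on which a low-privileged principal holds write-class rights."""
    findings = {}
    for file, acl in parse_icacls(text).items():
        weak = [a for a in acl if not a.deny and a.sid in LOW_PRIV and a.rights & WRITE_RIGHTS]
        if weak:
            findings[file] = weak
    return findings

def fix_command(path):
    """icacls command restoring the default Program Files ACL on one path: stop
    inheriting, grant SYSTEM and Administrators Full Control, Users Read/Execute.
    SIDs (* prefix) keep it locale-independent; also run it on the installation
    directory with /T when the weak entry is inherited from there."""
    return f'icacls "{path}" /inheritance:r /grant:r *{SYSTEM}:F *{ADMINISTRATORS}:F *{USERS}:RX'

if __name__ == "__main__":
    for file, weak in audit(SAMPLE).items():
        print(file, "writable by", ", ".join(a.principal for a in weak), "\n  fix:", fix_command(file))
```

Run against the PoC log the script reports all three executables as writable by Everyone and prints a reset command for each; the SYSTEM and Administrators entries are ignored because they are expected, and the Users entry because Read and Execute is not a write-class right. Resolving principals by SID rather than by display name is what makes both the check and the fix independent of the Windows display language.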


[+] Disclaimer [+]
===================
Permission is hereby granted for the redistribution of this advisory, provided that it is not altered except by reformatting it, and that due credit is given. Permission is explicitly given for insertion in vulnerability databases and similar, provided that due credit is given to the author.
The author is not responsible for any misuse of the information contained herein and prohibits any malicious use of all security related information or exploits by the author or elsewhere.

Contact:    [email protected]
Social:     twitter.com/ZwX2a
Advisory:   www.vulnerability-lab.com/show.php?user=ZwX
            packetstormsecurity.com/files/author/12026/
            cxsecurity.com/search/author/DESC/AND/FIND/0/10/ZwX/
            0day.today/author/27461

Copyright ©2024 Exploitalert.
