Allock Video to Ipod converter - Insecure File Permissions

CVE: N/A
Category: CWE-264
Price: Unknown
Severity: High
Author: Unknown
Risk: High
Exploitation Type: Local
Date: 2018-08-10
CPE: cpe:cpe:/a:allock:video_to_ipod_converter:-:insecure_file_permissions
CVSS: CVSS:4.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
EPSS: 0.02192
EPSSP: 0.50148


Our sensors found this exploit at: https://cxsecurity.com/ascii/WLB-2018080079

Below is a copy:

Allock Video to Ipod converter - Insecure File Permissions
=====================================================
[#] Exploit Title : Allock Video to Ipod converter - Insecure File Permissions
[#] Date Discovered : 2018-08-09
[#] Affected Product(s): Allock Video to Ipod converter v6.2.1217  - Software
[#] Exploitation Technique: Local
[#] Severity Level: Low
[#] Tested OS : Windows 7
=====================================================


[#] Product & Service Introduction:
===================================
Allok 3GP PSP MP4 iPod Video Converter contains Video to 3GP Converter, Video to PSP Converter, Video to PS3 Converter, Video to MP4 Converter, Video to iPod Converter,
Video to Zune Converter and Video to Xbox Converter. It is an AVI/3GP/MP4 file converter for your portable media player (MP4 player), iPod, Apple TV, PSP, PS3, Zune,
Xbox360, Archos, cellular phone, Pocket PC, Palm, etc. Its integrated world-class MPEG4/H264 encoder brings you amazing video quality with super fast conversion speed.

(Copy of the Vendor Homepage: http://www.alloksoft.com/ )


[#] Technical Details & Description:
====================================
An insecure file permissions vulnerability has been discovered in the official WampServer v3.0.6 software.

The vulnerability exists because of insecure default permissions set on 'Allok Video to iPod Converter.exe', 'avep.exe' and 'unins000.exe'.
A local attacker could exploit this vulnerability by replacing 'Allok Video to iPod Converter.exe', 'avep.exe' or 'unins000.exe' with a malicious executable file.
The malicious file could then execute, or make modifications, with LocalSystem permissions.


Proof of Concept (PoC):
=======================
Allock Video to Ipod converter for Windows contains a vulnerability that could allow a local attacker to gain elevated privileges.


-- PoC Session Logs (Permissions) --
C:\Program Files\Allok Video to iPod Converter>icacls *.exe
Allok Video to iPod Converter.exe Tout le monde:(I)(F)      <- permissions
                                  AUTORITE NT\Système:(I)(F)
                                  BUILTIN\Administrateurs:(I)(F)
                                  BUILTIN\Utilisateurs:(I)(RX)

avep.exe Tout le monde:(I)(F)      <- permissions
         AUTORITE NT\Système:(I)(F)
         BUILTIN\Administrateurs:(I)(F)
         BUILTIN\Utilisateurs:(I)(RX)

unins000.exe Tout le monde:(I)(F)      <- permissions
             AUTORITE NT\Système:(I)(F)
             BUILTIN\Administrateurs:(I)(F)
             BUILTIN\Utilisateurs:(I)(RX)

3 fichiers correctement traités ; échec du traitement de 0 fichiers
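As an added illustration (not part of the original advisory), the following Python checker parses icacls listings like the one above and flags executables that a low-privilege principal can overwrite, which is exactly the condition the advisory relies on. The English principal names and the French "Utilisateurs authentifiés" spelling are assumptions; the other French names are taken from the listing.

```python
# Constructed fixture: the icacls listing from the advisory (French Windows 7), re-typed
# with the accents the copy lost; icacls indents continuation ACEs by len(filename) + 1.
SAMPLE_ICACLS = """\
Allok Video to iPod Converter.exe Tout le monde:(I)(F)
                                  AUTORITE NT\\Système:(I)(F)
                                  BUILTIN\\Administrateurs:(I)(F)
                                  BUILTIN\\Utilisateurs:(I)(RX)

avep.exe Tout le monde:(I)(F)
         AUTORITE NT\\Système:(I)(F)
         BUILTIN\\Administrateurs:(I)(F)
         BUILTIN\\Utilisateurs:(I)(RX)

3 fichiers correctement traités ; échec du traitement de 0 fichiers
"""
# Principals every local user belongs to, in English and French ("Utilisateurs
# authentifiés" is an assumed spelling; the other French names appear in the advisory).
LOW_PRIV = {"everyone", "tout le monde", "builtin\\users", "builtin\\utilisateurs",
            "nt authority\\authenticated users", "autorite nt\\utilisateurs authentifiés"}
# Rights that let the holder overwrite or replace the file: full, modify, write, and the
# specific write-data, append-data, write-DAC and write-owner rights.
WRITE_TOKENS = {"F", "M", "W", "WD", "AD", "WDAC", "WO"}

def parse_icacls(output):
    """Return {filename: [(principal, rights), ...]} from `icacls <files>` output."""
    blocks = []
    for line in output.splitlines():
        if ":(" not in line:
            continue  # blank separator or the trailing "N files processed" summary
        if line[0].isspace() and blocks:
            blocks[-1].append(line)
        else:
            blocks.append([line])
    acls = {}
    for first, *rest in blocks:
        # Filename/principal boundary = indent of the continuation lines (fallback: last space).
        width = len(rest[0]) - len(rest[0].lstrip()) if rest else first.rfind(" ", 0, first.index(":(")) + 1
        aces = [a.strip().partition(":(") for a in [first[width:]] + rest]
        acls[first[:width].rstrip()] = [(p, "(" + r) for p, _, r in aces]
    return acls

def grants_write(rights):
    """True if a rights string such as '(I)(F)' or '(OI)(CI)(RX,WD)' includes a write right."""
    return bool(set(rights.replace(")(", ",").strip("()").split(",")) & WRITE_TOKENS)

def find_weak_executables(output):
    """Map filename -> low-privilege principals able to write it (the advisory's condition)."""
    weak = {f: [p for p, r in aces if p.lower() in LOW_PRIV and grants_write(r)]
            for f, aces in parse_icacls(output).items()}
    return {f: hits for f, hits in weak.items() if hits}
```

Feeding it the output of `icacls *.exe` from an install directory reports each binary, and the principal, that would let any local user swap in their own file; an empty result is the state the vendor fix should produce.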


Solution - Fix & Patch:
=======================
Include multiple integrity checks for the software files on startup and during runtime.
Change the access permissions of all three executable files ('Allok Video to iPod Converter.exe', 'avep.exe' and 'unins000.exe') so that unprivileged users can no longer modify them.


[+] Disclaimer [+]
===================
Permission is hereby granted for the redistribution of this advisory, provided that it is not altered except by reformatting it, and that due credit is given. Permission is explicitly given for insertion in vulnerability databases and similar, provided that due credit is given to the author.
The author is not responsible for any misuse of the information contained herein and prohibits any malicious use of all security related information or exploits by the author or elsewhere.

Contact:    [email protected]
Social:     twitter.com/ZwX2a
Advisory:   www.vulnerability-lab.com/show.php?user=ZwX
            packetstormsecurity.com/files/author/12026/
            cxsecurity.com/search/author/DESC/AND/FIND/0/10/ZwX/
            0day.today/author/27461

Copyright ©2024 Exploitalert.
