7.2

CVE-2009-2564

Exploit

EPSS 0.27%
Veröffentlicht 21.07.2009 17:30:00
Zuletzt bearbeitet 09.04.2025 00:30:58
Quelle cve@mitre.org
CVE-Watchlists
Login
Unerledigt
Login

NOS Microsystems getPlus Download Manager, as used in Adobe Reader 1.6.2.36 and possibly other versions, Corel getPlus Download Manager before 1.5.0.48, and possibly other products, installs NOS\bin\getPlus_HelperSvc.exe with insecure permissions (Everyone:Full Control), which allows local users to gain SYSTEM privileges by replacing getPlus_HelperSvc.exe with a Trojan horse program, as demonstrated by use of getPlus Download Manager within Adobe Reader. NOTE: within Adobe Reader, the scope of this issue is limited because the program is deleted and the associated service is not automatically launched after a successful installation and reboot.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 0 Referenzen 17

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Nos Microsystems ≫ Getplus Download Manager Version1.6.2.36

Adobe ≫ Acrobat Reader Version9.0

Adobe ≫ Acrobat Reader Version9.1

Corel ≫ Getplus Download Manager Version1.5.0.48

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.27%	0.505

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	7.2	3.9	10	AV:L/AC:L/Au:N/C:C/I:C/A:C

http://securitytracker.com/id?1023007

http://www.adobe.com/support/security/bulletins/apsb09-15.html

http://www.us-cert.gov/cas/techalerts/TA09-286B.html

US Government Resource

http://www.vupen.com/english/advisories/2009/2898

Vendor Advisory

http://blogs.adobe.com/psirt/2009/07/local_privilege_escalation_in.html

http://retrogod.altervista.org/9sg_adobe_local.html

Exploit

http://secunia.com/advisories/35930

Vendor Advisory

http://secunia.com/advisories/36331

Vendor Advisory

http://www.exploit-db.com/exploits/9199

http://www.securityfocus.com/archive/1/505095/100/0/threaded

http://www.securityfocus.com/bid/35740

Exploit

http://www.vupen.com/english/advisories/2009/1969

Vendor Advisory

https://exchange.xforce.ibmcloud.com/vulnerabilities/54383

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5719

https://nvd.nist.gov/vuln/detail/CVE-2009-2564

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2009-2564

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2009-2564

EUVD