0day.today - Biggest Exploit Database in the World.

Select your language:

Things you should know about 0day.today:

We use one main domain: http://0day.today
Most of the materials is completely FREE
If you want to purchase the exploit / get V.I.P. access or pay for any other service,
you need to buy or earn GOLD

We accept currencies: [contact admin to find more]

We don't want you to use our site as a tool for hacking purposes, so any kind of action that could affect illegaly other users or websites that you don't have right to access will be banned and your account including your data will be destroyed.

Administration of this site uses the official contacts. Beware of impostors!

We DO NOT use Telegram or any messengers / social networks!
Please, beware of scammers!

I am registered user of 0day.today. I don't want to see this screen in future.

What to do first?

Read the [ agreement ]
Read the [ Submit ] rules
Visit the [ faq ] page
[ Register ] profile
Get [ GOLD ]
If you want to [ sell ]
If you want to [ buy ]
If you lost [ Account ]
Any questions [ admin@0day.today ]

Main links

You can contact us by

Mail:

mr.inj3ct0r@gmail.com

Facebook:

Inj3ct0rs

Twitter:

Inj3ct0r

Telegram:

We DO NOT use Telegram or any messengers / social networks!

[ authorization ] [ registration ] [ restore account ]

You can contact us by:

Mail:

mr.inj3ct0r@gmail.com

Facebook:

Inj3ct0rs

Twitter:

Inj3ct0r

Telegram:

We DO NOT use Telegram or any messengers / social networks!

SopCast 3.4.7 (Diagnose.exe) Improper Permissions

Author

LiquidWorm

Risk

[

Security Risk Unsored

]

0day-ID

Category

Date add

Platform

SopCast 3.4.7 (Diagnose.exe) Improper Permissions
 
 
Vendor: SopCast.com
Product web page: http://www.sopcast.com
Affected version: 3.4.7.45585
 
Summary: SopCast is a simple, free way to broadcast video and audio or watch
the video and listen to radio on the Internet. Adopting P2P(Peer-to-Peer)
technology, It is very efficient and easy to use. SoP is the abbreviation for
Streaming over P2P. Sopcast is a Streaming Direct Broadcasting System based
on P2P. The core is the communication protocol produced by Sopcast Team, which
is named sop://, or SoP technology.
 
Desc: SopCast is vulnerable to an elevation of privileges vulnerability which
can be used by a simple user that can change the executable file with a binary
of choice. The vulnerability exist due to the improper permissions, with the 'F'
flag (full control) for the 'Everyone' group, for the 'Diagnose.exe' binary file
which is bundled with the SopCast installation package.
 
Tested on: Microsoft Windows XP Professional SP3 (EN)
 
 
Vulnerability discovered by Gjoko 'LiquidWorm' Krstic
                            @zeroscience
 
 
Vendor status:
 
[30.11.2011] Vulnerability discovered.
[01.12.2011] Contact with the vendor with sent detailed info.
[04.12.2011] No response from the vendor.
[05.12.2011] Public security advisory released.
 
 
Advisory ID: ZSL-2011-5062
Advisory URL: http://www.zeroscience.mk/en/vulnerabilities/ZSL-2011-5062.php
 
 
30.11.2011
 
--
 
 
C:\Program Files\SopCast>cacls Diagnose.exe
C:\Program Files\SopCast\Diagnose.exe Everyone:F <-----
                                      BUILTIN\Users:R
                                      BUILTIN\Power Users:C
                                      BUILTIN\Administrators:F
                                      NT AUTHORITY\SYSTEM:F
                                      LABPC\User101:F
 
C:\Program Files\SopCast>



#  0day.today [2024-11-14]  #

We DO NOT use Telegram or any messengers / social networks!

Please, beware of scammers!

SopCast 3.4.7 (Diagnose.exe) Improper Permissions

Report Error

Report Error