0day.today - Biggest Exploit Database in the World.
Things you should know about 0day.today:
Administration of this site uses the official contacts. Beware of impostors!
- We use one main domain: http://0day.today
- Most of the materials is completely FREE
- If you want to purchase the exploit / get V.I.P. access or pay for any other service,
you need to buy or earn GOLD
Administration of this site uses the official contacts. Beware of impostors!
We DO NOT use Telegram or any messengers / social networks!
Please, beware of scammers!
Please, beware of scammers!
- Read the [ agreement ]
- Read the [ Submit ] rules
- Visit the [ faq ] page
- [ Register ] profile
- Get [ GOLD ]
- If you want to [ sell ]
- If you want to [ buy ]
- If you lost [ Account ]
- Any questions [ admin@0day.today ]
- Authorisation page
- Registration page
- Restore account page
- FAQ page
- Contacts page
- Publishing rules
- Agreement page
Mail:
Facebook:
Twitter:
Telegram:
We DO NOT use Telegram or any messengers / social networks!
You can contact us by:
Mail:
Facebook:
Twitter:
Telegram:
We DO NOT use Telegram or any messengers / social networks!
SopCast 3.4.7 (Diagnose.exe) Improper Permissions
SopCast 3.4.7 (Diagnose.exe) Improper Permissions Vendor: SopCast.com Product web page: http://www.sopcast.com Affected version: 3.4.7.45585 Summary: SopCast is a simple, free way to broadcast video and audio or watch the video and listen to radio on the Internet. Adopting P2P(Peer-to-Peer) technology, It is very efficient and easy to use. SoP is the abbreviation for Streaming over P2P. Sopcast is a Streaming Direct Broadcasting System based on P2P. The core is the communication protocol produced by Sopcast Team, which is named sop://, or SoP technology. Desc: SopCast is vulnerable to an elevation of privileges vulnerability which can be used by a simple user that can change the executable file with a binary of choice. The vulnerability exist due to the improper permissions, with the 'F' flag (full control) for the 'Everyone' group, for the 'Diagnose.exe' binary file which is bundled with the SopCast installation package. Tested on: Microsoft Windows XP Professional SP3 (EN) Vulnerability discovered by Gjoko 'LiquidWorm' Krstic @zeroscience Vendor status: [30.11.2011] Vulnerability discovered. [01.12.2011] Contact with the vendor with sent detailed info. [04.12.2011] No response from the vendor. [05.12.2011] Public security advisory released. Advisory ID: ZSL-2011-5062 Advisory URL: http://www.zeroscience.mk/en/vulnerabilities/ZSL-2011-5062.php 30.11.2011 -- C:\Program Files\SopCast>cacls Diagnose.exe C:\Program Files\SopCast\Diagnose.exe Everyone:F <----- BUILTIN\Users:R BUILTIN\Power Users:C BUILTIN\Administrators:F NT AUTHORITY\SYSTEM:F LABPC\User101:F C:\Program Files\SopCast> # 0day.today [2024-12-25] #