发布日期：2014-10-28
更新日期：2014-10-29

受影响系统：

ESTsoft ALUpdate 8.5.1.0.0

描述：

---

BUGTRAQ  ID: 70790
CVE(CAN) ID: CVE-2014-8494

ESTsoft ALUpdate是软件更新程序。

ESTsoft ALUpdate 8.5.1.0.0版本的"ALUpdate"文件夹和 "ALUpdate.exe"对"Users"组赋予了完全权限，任何用户都可以绑定恶意软件到原始EXE文件，攻击者可利用此漏洞获取提升的权限，执行未授权操作。

<*来源：Osanda Malith
  *>

建议：

---

临时解决方法：

如果您不能立刻安装补丁或者升级，NSFOCUS建议您采取以下措施以降低威胁：

C:\Program Files\ESTsoft>cacls ALUpdate
C:\Program Files\ESTsoft\ALUpdate BUILTIN\Users:(OI)(CI)F
                                  NT SERVICE\TrustedInstaller:(ID)F
                                  NT SERVICE\TrustedInstaller:(CI)(IO)(ID)F
                                  NT AUTHORITY\SYSTEM:(ID)F
                                  NT AUTHORITY\SYSTEM:(OI)(CI)(IO)(ID)F
                                  BUILTIN\Administrators:(ID)F
                                  BUILTIN\Administrators:(OI)(CI)(IO)(ID)F
                                  BUILTIN\Users:(ID)R
                                  BUILTIN\Users:(OI)(CI)(IO)(ID)(special access:)
                                                                GENERIC_READ
                                                                GENERIC_EXECUTE

                                  CREATOR OWNER:(OI)(CI)(IO)(ID)F


C:\Program Files\ESTsoft>cd ALUpdate

C:\Program Files\ESTsoft\ALUpdate>cacls ALUpdate.exe
C:\Program Files\ESTsoft\ALUpdate\ALUpdate.exe BUILTIN\Users:(ID)F
                                               NT AUTHORITY\SYSTEM:(ID)F
                                               BUILTIN\Administrators:(ID)F

厂商补丁：

ESTsoft
-------
目前厂商还没有提供补丁或者升级程序，我们建议使用此软件的用户随时关注厂商的主页以获取最新版本：

http://www.altools.com/ALTools/ALFTP.aspx

参考：http://packetstormsecurity.com/files/128868/estsoftalupdate-escalate.txt

浏览次数：2001
严重程度：0（网友投票）