Summary
The host is installed with iBackup and is
prone to local privilege escalation vulnerability.
Impact
Successful exploitation will allow local
attacker to gain elevated privileges.
Impact Level: System/Application
Solution
No solution or patch is available as of
9th February, 2015. Information regarding this issue will be updated once the solution details are available. For updates refer to https://www.ibackup.com
Insight
Flaw exists as the program uses insecure
permissions which can allow anyone to replace the ib_service.exe with an executable of their choice that is loaded on system or service restart.
Affected
iBackup version 10.0.0.32 and prior on
Windows.
Detection
Get the installed version with the help
of detect NVT and check the version is vulnerable or not.
References
Severity
Classification
-
CVE CVE-2014-5507 -
CVSS Base Score: 7.2
AV:L/AC:L/Au:N/C:C/I:C/A:C
Related Vulnerabilities
- Adobe ExtendedScript Toolkit (ESTK) Insecure Library Loading Vulnerability (Win)
- Adobe Air Multiple Vulnerabilities June-2012 (Mac OS X)
- Adobe Flash Player Code Execution and DoS Vulnerabilities (Linux)
- Adobe AIR Security Bypass Vulnerability Jan14 (Mac OS X)
- Adobe AIR Multiple Vulnerabilities -02 April 13 (Windows)