• News
• Infocus
• Foundations
• Microsoft
• Unix
• IDS
• Incidents
• Virus
• Pen-Test
• Firewalls
• Columnists
• Mailing Lists
• Newsletters
• Bugtraq
• Focus on IDS
• Focus on Linux
• Focus on Microsoft
• Forensics
• Pen-test
• Security Basics
• Vuln Dev
• Vulnerabilities
• Jobs
• Job Opportunities
• Resumes
• Job Seekers
• Employers
• Tools
• RSS
• News
• Vulns
• Security Research

• info
• discussion
• exploit
• solution
• references

VentaFax System Tray Application Local Privilege Escalation Vulnerability

It is reported that a privilege escalation vulnerability exists in the VentaFax System Tray application. The issue is due to the software starting with SYSTEM privileges, to enable access to the modem hardware, and subsequently failing to drop the privileges.

Although only VentaFax version 5.4 is reported vulnerable, it is likely that other versions are prone as well.