NOS getPlus Download Manager Insecure File Permissions Local Privilege Escalation Vulnerability

NOS Microsystems getPlus Download Manager is prone to a local privilege-escalation vulnerability that stems from a design error. This vulnerability occurs because the application assigns insecure file permissions to certain files during installation.

An attacker may exploit this vulnerability to overwrite affected files with arbitrary code that will then run with SYSTEM-level privileges. This may facilitate a complete compromise of affected computers.

Note that Adobe Acrobat Reader uses the getPlus Download Manager. Other applications may also use getPlus.


Privacy Statement
Copyright 2010, SecurityFocus