CVE-2007-5254

Severity Score

7.2

*CVSS v2

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

VirusBlokAda Vba32 AntiVirus 3.12.2 uses weak permissions (Everyone:Write) for its installation directory, which allows local users to gain privileges by replacing application programs, as demonstrated by replacing vba32ldr.exe.

VirusBlokAda Vba32 AntiVirus 3.12.2 utiliza permisos débiles (Everyone:Write) para sus directorios de instalación, lo cual permite a usuarios locales ganar privilegios a través del remplazamiento de programas de aplicaicón, como se demostró remplazando vba32ldr.exe.

*Credits: N/A

CVSS Scores

NISTv2 7.2

Attack Vector

Local

Attack Complexity

Low

Authentication

None

Confidentiality

Complete

Integrity

Complete

Availability

Complete

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2007-10-06 CVE Reserved
2007-10-06 CVE Published
2023-03-08 EPSS Updated
2024-08-07 CVE Updated
2024-08-07 First Exploit
---------- Exploited in Wild
---------- KEV Due Date

CWE

CWE-264: Permissions, Privileges, and Access Controls

CAPEC

References (5)

URL	Tag	Source
http://osvdb.org/37991	Vdb Entry
http://secunia.com/advisories/27094	Third Party Advisory
http://www.securityfocus.com/bid/25930	Vdb Entry

URL	Date	SRC
http://lists.grok.org.uk/pipermail/full-disclosure/2007-October/066313.html	2024-08-07

URL	Date	SRC
http://www.anti-virus.by/en	2008-11-15

URL	Date	SRC

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Virusblokada Search vendor "Virusblokada"		Vba32 Antivirus Search vendor "Virusblokada" for product "Vba32 Antivirus"				3.12.2 Search vendor "Virusblokada" for product "Vba32 Antivirus" and version "3.12.2"		-		Affected