Weak Permissions in Infotecs ViPNet Software Allows Privilege Escalation via Trojan Horse Files

Weak Permissions in Infotecs ViPNet Software Allows Privilege Escalation via Trojan Horse Files

CVE-2013-3496 · HIGH Severity

AV:L/AC:L/AU:N/C:C/I:C/A:C

Infotecs ViPNet Client 3.2.10 (15632) and earlier, ViPNet Coordinator 3.2.10 (15632) and earlier, ViPNet Personal Firewall 3.1 and earlier, and ViPNet SafeDisk 4.1 (0.5643) and earlier use weak permissions (Everyone: Full Control) for a folder under %PROGRAMFILES%\Infotecs, which allows local users to gain privileges via a Trojan horse (1) executable file or (2) DLL file.

Learn more about our User Device Pen Test.