Infotecs ViPNet Client 3.2.10 (15632) and earlier, ViPNet Coordinator 3.2.10 (15632) and earlier, ViPNet Personal Firewall 3.1 and earlier, and ViPNet SafeDisk 4.1 (0.5643) and earlier use weak permissions (Everyone: Full Control) for a folder under %PROGRAMFILES%\Infotecs, which allows local users to gain privileges via a Trojan horse (1) executable file or (2) DLL file.
CVSS 2.0
Severity: HIGH
Problem Type: CWE-264,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| infotecs | vipnet_client | * |
| infotecs | vipnet_coordinator | * |
| infotecs | vipnet_safedisk | * |
| infotecs | vipnet_personal_firewall | * |
Infotecs ViPNet Client and Coordinator before 4.3.2-42442 allow local users to gain privileges by placing a Trojan horse ViPNet update file in the update folder. The attack succeeds because of incorrect folder permissions in conjunction with a lack of integrity and authenticity checks.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-345,CWE-354,CWE-732,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| infotecs | vipnet_client | * |
| infotecs | vipnet_coordinator | * |