Asseco SEE iBank FX Client <= 2.0.9.3 Local Privilege Escalation Vulnerability
Vendor: Asseco SEE
Product web page: http://www.asseco.com
Affected version: 2.0.9.3 (Build 22.06.2011)- Desktop/Enterprise Edition
1.2
1.1.5.1270 (Service Pack 5)- Desktop Edition
1.1.5.1247
1.0
Application download resource: http://24x7.com.mk/Download.aspx
http://www.24x7.rs/eng/content.asp?idmenu1=23&idmenu2=33
Summary: FX Client is an offline application for e-banking that is intended only
for legal entities.
Desc: The application is vulnerable to an elevation of privileges vulnerability
which can be used by a simple user that can change the executable file with a
binary of choice. The vulnerability exist due to the improper permissions, with
the 'F' flag (full)for the 'Everyone' and 'Users'group,for the 'RichClient.exe'
and 'fxclient.exe' binary files making them world-writable. After you replace the
binary with your rootkit, on reboot you get SYSTEM privileges.
Tested on: Microsoft Windows 7 Ultimate SP1 (EN) 32/64bit
Microsoft Windows 7 Professional SP1 (EN) 32/64bit
Microsoft Windows XP Professional SP3 (EN) 32bit
Vulnerability discovered by Gjoko 'LiquidWorm' Krstic
@zeroscience
Advisory ID: ZSL-2014-5168
Advisory URL: http://www.zeroscience.mk/en/vulnerabilities/ZSL-2014-5168.php
CWE ID: 276
CWE URL: https://cwe.mitre.org/data/definitions/276.html
10.01.2014
---
C:\Program Files (x86)\PEXIM\FXClient>icacls RichClient.exe
RichClient.exe NT AUTHORITY\SYSTEM:(I)(F)
BUILTIN\Administrators:(I)(F)
BUILTIN\Users:(I)(F)
Successfully processed 1 files; Failed processing 0 files
C:\Program Files (x86)\PEXIM\FXClient>
--
C:\Program Files (x86)\Pexim Solutions\FX Client>icacls fxclient.exe
fxclient.exe Everyone:(F)
NT AUTHORITY\SYSTEM:(F)
Successfully processed 1 files; Failed processing 0 files
C:\Program Files (x86)\Pexim Solutions\FX Client>
