Vulnerability CVE-2005-3663 - CERT Civis.Net

Vulnerability Name:

CVE-2005-3663 (CCN-23094)

Assigned:

2005-11-15

Published:

2005-11-15

Updated:

2011-03-08

Summary:

Unquoted Windows search path vulnerability in Kaspersky Anti-Virus 5.0 might allow local users to gain privileges via a malicious "program.exe" file in the C: folder.

CVSS v3 Severity:

5.9 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)

Exploitability Metrics:	Attack Vector (AV): Local Attack Complexity (AC): Low Privileges Required (PR): None User Interaction (UI): None
Scope:	Scope (S): Unchanged
Impact Metrics:	Confidentiality (C): Low Integrity (I): Low Availibility (A): Low

CVSS v2 Severity:

7.2 High (CVSS v2 Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C)
5.9 Medium (Temporal CVSS v2 Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C/E:F/RL:OF/RC:C)

Exploitability Metrics:	Access Vector (AV): Local Access Complexity (AC): Low Authentication (Au): None
Impact Metrics:	Confidentiality (C): Complete Integrity (I): Complete Availibility (A): Complete

4.6 Medium (CCN CVSS v2 Vector: AV:L/AC:L/Au:N/C:P/I:P/A:P)
3.8 Low (CCN Temporal CVSS v2 Vector: AV:L/AC:L/Au:N/C:P/I:P/A:P/E:F/RL:OF/RC:C)

Exploitability Metrics:	Access Vector (AV): Local Access Complexity (AC): Low Athentication (Au): None
Impact Metrics:	Confidentiality (C): Partial Integrity (I): Partial Availibility (A): Partial

Vulnerability Type:

Vulnerability Consequences:

Gain Privileges

References:

Source: CCN
Type: Full-Disclosure Mailing List, Mon May 09 2005 - 15:14:02 CDT
Useless tidbit

Source: CCN
Type: Full-Disclosure Mailing List, Tue Jan 17 2006 - 15:45:14 CST
[ TZO-012006 ] Checkpoint VPN-1 SecureClient insecure usage of CreateProcess()

Source: CCN
Type: Full-Disclosure Mailing List, Wed Aug 29 2007 - 17:27:07 CDT
Multiple improper file path handling issues

Source: MITRE
Type: CNA
CVE-2005-2935

Source: MITRE
Type: CNA
CVE-2005-2936

Source: MITRE
Type: CNA
CVE-2005-2938

Source: MITRE
Type: CNA
CVE-2005-2939

Source: MITRE
Type: CNA
CVE-2005-2940

Source: MITRE
Type: CNA
CVE-2005-3663

Source: MITRE
Type: CNA
CVE-2006-0255

Source: MITRE
Type: CNA
CVE-2019-4245

Source: CCN
Type: SA19358
RealNetworks Products Multiple Buffer Overflow Vulnerabilities

Source: SREASON
Type: UNKNOWN
187

Source: CCN
Type: SECTRACK ID: 1015222
Apple iTunes for Windows Improper CreateProcess() Call Lets Local Users Execute Arbitrary Code

Source: CCN
Type: SECTRACK ID: 1015223
RealPlayer Improper CreateProcess() Call Lets Local Users Execute Arbitrary Code

Source: CCN
Type: SECTRACK ID: 1015224
Kaspersky Anti-Virus for Windows File Servers Improper CreateProcess() Call Lets Local Users Execute Arbitrary Code

Source: SECTRACK
Type: UNKNOWN
1015224

Source: CCN
Type: SECTRACK ID: 1015225
VMware Workstation Improper CreateProcess() Call Lets Local Users Execute Arbitrary Code

Source: CCN
Type: SECTRACK ID: 1015226
Microsoft AntiSpyware Improper CreateProcess() Call Lets Local Users Execute Arbitrary Code

Source: CCN
Type: RealNetworks Customer Support - Real Security Updates March 16, 2006
RealNetworks Releases Product Updates.

Source: CCN
Type: Apple Web site
Apple - ITunes - Download iTunes

Source: CCN
Type: iDEFENSE Security Advisory 11.15.05
Multiple Vendor Insecure Call to CreateProcess() Vulnerability

Source: IDEFENSE
Type: Vendor Advisory
20051115 Multiple Vendor Insecure Call to CreateProcess() Vulnerability

Source: CCN
Type: OSVDB ID: 17088
Microsoft AntiSpyware gsasDtServ.exe Path Subversion Privilege Escalation

Source: CCN
Type: OSVDB ID: 20988
Apple iTunes iTunesHelper.exe Path Subversion Local Privilege Escalation

Source: CCN
Type: OSVDB ID: 21009
Kaspersky Anti-Virus Search Path Subversion Local Privilege Escalation

Source: CCN
Type: OSVDB ID: 21010
RealPlayer Path Subversion Local Privilege Escalation

Source: CCN
Type: OSVDB ID: 21011
VMware Workstation Search Path Subversion Local Privilege Escalation

Source: CCN
Type: OSVDB ID: 22703
Check Point VPN-1 SecureClient SR_Watchdog.exe Path Subversion Local Privilege Escalation

Source: CCN
Type: BID-15446
Apple iTunes 6 For Windows Arbitrary Local Code Execution Vulnerability

Source: CCN
Type: BID-15448
Multiple Vendor lpCommandLine Application Path Vulnerability

Source: CCN
Type: BID-16290
Check Point VPN-1 SecureClient Path Specification Local Privilege Escalation Vulnerability

Source: XF
Type: UNKNOWN
multiple-vendor-insecure-createprocess(23094)

Source: EXPLOIT-DB
Type: EXPLOIT
Offensive Security Exploit Database [08-15-2012]

Source: CCN
Type: IBM Security Bulletin 880775 (Cognos TM1)
IBM Cognos TM1 is affected by multiple vulnerabilities (CVE-2018-15494, CVE-2019-4245)

Source: CCN
Type: IBM Security Bulletin 884724 (Planning Analytics)
Multiple vulnerabilities affect IBM Planning Analytics

Vulnerable Configuration:

Configuration 1:

cpe:/a:kaspersky_lab:kaspersky_anti-virus:5.0:*:windows_file_servers:*:*:*:*:*

Configuration CCN 1:

cpe:/a:apple:itunes:4.7.1.30:*:*:*:*:*:*:*

OR cpe:/a:microsoft:antispyware:1.0.509:beta1:*:*:*:*:*:*

OR cpe:/a:checkpoint:vpn-1_secureclient:-:*:*:*:*:*:*:*

OR cpe:/a:norman:norman_virus_control:5.90:*:*:*:*:*:*:*

OR cpe:/a:agnitum:outpost_firewall:*:*:pro:*:*:*:*:*

OR cpe:/a:agnitum:outpost_security_suite:6.7.3.3063.452.0726:-:professional:*:*:*:*:*

OR cpe:/a:hauri:virobot_desktop:5.5:*:*:*:*:*:*:*

OR cpe:/a:vmware:workstation:5.0.0_build_13124:*:*:*:*:*:*:*

AND

cpe:/a:ibm:cognos_tm1:10.2.2:*:*:*:*:*:*:*

OR cpe:/a:ibm:planning_analytics:2.0.3:*:*:*:*:*:*:*

OR cpe:/a:ibm:planning_analytics:2.0:*:*:*:*:*:*:*

OR cpe:/a:ibm:planning_analytics:2.0.1:*:*:*:*:*:*:*

OR cpe:/a:ibm:planning_analytics:2.0.2:*:*:*:*:*:*:*

OR cpe:/a:ibm:planning_analytics:2.0.4:*:*:*:*:*:*:*

OR cpe:/a:ibm:planning_analytics:2.0.5:*:*:*:*:*:*:*

OR cpe:/a:ibm:planning_analytics:2.0.6:*:*:*:*:*:*:*

Denotes that component is vulnerable