Vulnerability Name:

CVE-2009-2564 (CCN-51869)

Assigned: 2009-07-20
Published: 2009-07-20
Updated: 2018-10-10
Summary: NOS Microsystems getPlus Download Manager, as used in Adobe Reader 1.6.2.36 and possibly other versions, Corel getPlus Download Manager before 1.5.0.48, and possibly other products, installs NOS\bin\getPlus_HelperSvc.exe with insecure permissions (Everyone:Full Control), which allows local users to gain SYSTEM privileges by replacing getPlus_HelperSvc.exe with a Trojan horse program, as demonstrated by use of getPlus Download Manager within Adobe Reader.
Note: within Adobe Reader, the scope of this issue is limited because the program is deleted and the associated service is not automatically launched after a successful installation and reboot.
CVSS v3 Severity: 9.3 Critical (CCN CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H)
Exploitability Metrics:
  Attack Vector (AV): Local
  Attack Complexity (AC): Low
  Privileges Required (PR): None
  User Interaction (UI): None
Scope:
  Scope (S): Changed
Impact Metrics:
  Confidentiality (C): High
  Integrity (I): High
  Availability (A): High
CVSS v2 Severity: 7.2 High (CVSS v2 Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C)
5.9 Medium (Temporal CVSS v2 Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C/E:F/RL:OF/RC:C)
Exploitability Metrics:
  Access Vector (AV): Local
  Access Complexity (AC): Low
  Authentication (Au): None
Impact Metrics:
  Confidentiality (C): Complete
  Integrity (I): Complete
  Availability (A): Complete
7.2 High (CCN CVSS v2 Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C)
5.9 Medium (CCN Temporal CVSS v2 Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C/E:F/RL:OF/RC:C)
Exploitability Metrics:
  Access Vector (AV): Local
  Access Complexity (AC): Low
  Authentication (Au): None
Impact Metrics:
  Confidentiality (C): Complete
  Integrity (I): Complete
  Availability (A): Complete
Vulnerability Type: CWE-264
Vulnerability Consequences: Gain Privileges
References:

Source: CONFIRM
Type: UNKNOWN
http://blogs.adobe.com/psirt/2009/07/local_privilege_escalation_in.html

Source: MITRE
Type: CNA
CVE-2009-2564

Source: CCN
Type: Adobe Web site
Adobe Reader

Source: MISC
Type: Exploit
http://retrogod.altervista.org/9sg_adobe_local.html

Source: CCN
Type: SA35930
Adobe getPlus DLM Insecure Default Directory Permissions

Source: SECUNIA
Type: Vendor Advisory
35930

Source: CCN
Type: SA36331
Corel getPlus Download Manager Insecure Default Directory Permissions

Source: SECUNIA
Type: Vendor Advisory
36331

Source: CCN
Type: SECTRACK ID: 1023007
Adobe Acrobat and Adobe Reader Flaws Lets Remote Users Execute Arbitrary Code and Deny Service

Source: SECTRACK
Type: UNKNOWN
1023007

Source: CCN
Type: Sun Alert: 270669
Multiple Security Vulnerabilities in Adobe Reader for Solaris 10 May Allow Execution of Arbitrary Code or Cause Denial of Service (DoS) - Adobe Security Bulletin APSB09-15

Source: CCN
Type: Adobe Product Security Bulletin APSB09-15
Security Advisory for Adobe Reader and Acrobat

Source: CONFIRM
Type: UNKNOWN
http://www.adobe.com/support/security/bulletins/apsb09-15.html

Source: EXPLOIT-DB
Type: UNKNOWN
9199

Source: CCN
Type: NOS Microsystems Web site
NOS Microsystems Software Compression and Transfer Management - Increase your Sales and your Revenue

Source: CCN
Type: OSVDB ID: 56120
Adobe getPlus DLM \NOS\bin\getPlus_HelperSvc.exe Permission Weakness Local Privilege Escalation

Source: BUGTRAQ
Type: UNKNOWN
20090720 Adobe related service (getPlus_HelperSvc.exe) local elevation of privileges

Source: BID
Type: Exploit
35740

Source: CCN
Type: BID-35740
NOS getPlus Download Manager Insecure File Permissions Local Privilege Escalation Vulnerability

Source: CERT
Type: US Government Resource
TA09-286B

Source: VUPEN
Type: Vendor Advisory
ADV-2009-1969

Source: VUPEN
Type: Vendor Advisory
ADV-2009-2898

Source: XF
Type: UNKNOWN
getplusdlm-nos-priv-escalation(51869)

Source: XF
Type: UNKNOWN
getplus-nos-insecure-permissions(54383)

Source: OVAL
Type: UNKNOWN
oval:org.mitre.oval:def:5719

Source: SUSE
Type: SUSE-SA:2009:049
Acrobat Reader Security update

Vulnerable Configuration:
Configuration 1:
  • cpe:/a:nos_microsystems:getplus_download_manager:1.6.2.36:*:*:*:*:*:*:*
  • AND
  • cpe:/a:adobe:acrobat_reader:9.0:*:*:*:*:*:*:*
  • OR cpe:/a:adobe:acrobat_reader:9.1:*:*:*:*:*:*:*

Configuration 2:
  • cpe:/a:corel:getplus_download_manager:1.5.0.48:*:*:*:*:*:*:*

Configuration CCN 1:
  • cpe:/a:adobe:acrobat:7.0:*:*:*:*:*:*:*
  • OR cpe:/a:adobe:acrobat:7.0.1:*:*:*:*:*:*:*
  • OR cpe:/a:adobe:acrobat:3.0:*:*:*:*:*:*:*
  • OR cpe:/a:adobe:acrobat:3.1:*:*:*:*:*:*:*
  • OR cpe:/a:adobe:acrobat:4.0:*:*:*:*:*:*:*
  • OR cpe:/a:adobe:acrobat:4.0.5:*:*:*:*:*:*:*
  • OR cpe:/a:adobe:acrobat:4.0.5a:*:*:*:*:*:*:*
  • OR cpe:/a:adobe:acrobat:4.0.5c:*:*:*:*:*:*:*
  • OR cpe:/a:adobe:acrobat:5.0:*:*:*:*:*:*:*
  • OR cpe:/a:adobe:acrobat:5.0.10:*:*:*:*:*:*:*
  • OR cpe:/a:adobe:acrobat:5.0.5:*:*:*:*:*:*:*
  • OR cpe:/a:adobe:acrobat:5.0.6:*:*:*:*:*:*:*
  • OR cpe:/a:adobe:acrobat:6.0:*:*:*:*:*:*:*
  • OR cpe:/a:adobe:acrobat:6.0.1:*:*:*:*:*:*:*
  • OR cpe:/a:adobe:acrobat:6.0.2:*:*:*:*:*:*:*
  • OR cpe:/a:adobe:acrobat:6.0.3:*:*:*:*:*:*:*
  • OR cpe:/a:adobe:acrobat:6.0.4:*:*:*:*:*:*:*
  • OR cpe:/a:adobe:acrobat:6.0.5:*:*:*:*:*:*:*
  • OR cpe:/a:adobe:acrobat:7.0.2:*:*:*:*:*:*:*
  • OR cpe:/a:adobe:acrobat:7.0.3:*:*:*:*:*:*:*
  • OR cpe:/a:adobe:acrobat:7.0.4:*:*:*:*:*:*:*
  • OR cpe:/a:adobe:acrobat:7.0.5:*:*:*:*:*:*:*
  • OR cpe:/a:adobe:acrobat:7.0.6:*:*:*:*:*:*:*
  • OR cpe:/a:adobe:acrobat:7.0.7:*:*:*:*:*:*:*
  • OR cpe:/a:adobe:acrobat:7.0.8:*:*:*:*:*:*:*
  • OR cpe:/a:adobe:acrobat:7.0.9:*:*:*:*:*:*:*
  • OR cpe:/a:adobe:acrobat:8.1:*:*:*:*:*:*:*
  • OR cpe:/a:adobe:acrobat:8.1.1:*:*:*:*:*:*:*
  • OR cpe:/a:adobe:acrobat:9:*:*:*:*:*:*:*
  • OR cpe:/a:adobe:acrobat:8.1.2:*:*:*:*:*:*:*
  • OR cpe:/a:adobe:reader:7.0.1:*:*:*:*:*:*:*
  • OR cpe:/a:adobe:reader:7.0.2:*:*:*:*:*:*:*
  • OR cpe:/a:adobe:reader:7.0.3:*:*:*:*:*:*:*
  • OR cpe:/a:adobe:reader:7.0.5:*:*:*:*:*:*:*
  • OR cpe:/a:adobe:reader:7.0.7:*:*:*:*:*:*:*
  • OR cpe:/a:adobe:reader:7.0.8:*:*:*:*:*:*:*
  • OR cpe:/a:adobe:reader:7.0.9:*:*:*:*:*:*:*
  • OR cpe:/a:adobe:reader:8.1.1:*:*:*:*:*:*:*
  • OR cpe:/a:adobe:reader:9.0:*:*:*:*:*:*:*
  • OR cpe:/a:adobe:reader:7.1.0:*:*:*:*:*:*:*
  • OR cpe:/a:adobe:reader:8.1.2:*:*:*:*:*:*:*
  • OR cpe:/a:adobe:reader:7.1.1:*:*:*:*:*:*:*
  • OR cpe:/a:adobe:reader:8.1.4:*:*:*:*:*:*:*
  • OR cpe:/a:adobe:reader:9.1:*:*:*:*:*:*:*
  • OR cpe:/a:adobe:acrobat:9.1:*:*:*:*:*:*:*
  • OR cpe:/a:adobe:reader:9.1.1:*:*:*:*:*:*:*
  • OR cpe:/a:adobe:acrobat:9.1.1:*:*:*:*:*:*:*
  • OR cpe:/a:adobe:acrobat:9.0.0:*:*:*:*:*:*:*
  • OR cpe:/a:adobe:acrobat:8.1.3:*:*:*:*:*:*:*
  • OR cpe:/a:adobe:acrobat:8.1.4:*:*:*:*:*:*:*
  • OR cpe:/a:adobe:reader:9.1.2:*:*:*:*:*:*:*
  • OR cpe:/a:adobe:acrobat:9.1.3:*:*:*:*:*:*:*
  • OR cpe:/a:adobe:acrobat:7.1.3:*:*:*:*:*:*:*
  • OR cpe:/a:adobe:acrobat:8.1.6:*:*:*:*:*:*:*
  • OR cpe:/a:adobe:reader:3.0:*:*:*:*:*:*:*
  • OR cpe:/a:adobe:reader:4.0:*:*:*:*:*:*:*
  • OR cpe:/a:adobe:reader:4.0.5:*:*:*:*:*:*:*
  • OR cpe:/a:adobe:reader:4.0.5a:*:*:*:*:*:*:*
  • OR cpe:/a:adobe:reader:4.0.5c:*:*:*:*:*:*:*
  • OR cpe:/a:adobe:reader:4.5:*:*:*:*:*:*:*
  • OR cpe:/a:adobe:reader:5.0:*:*:*:*:*:*:*
  • OR cpe:/a:adobe:reader:5.0.10:*:*:*:*:*:*:*
  • OR cpe:/a:adobe:reader:5.0.11:*:*:*:*:*:*:*
  • OR cpe:/a:adobe:reader:5.0.5:*:*:*:*:*:*:*
  • OR cpe:/a:adobe:reader:6.0:*:*:*:*:*:*:*
  • OR cpe:/a:adobe:reader:5.1:*:*:*:*:*:*:*
  • OR cpe:/a:adobe:reader:5.0.9:*:*:*:*:*:*:*
  • OR cpe:/a:adobe:reader:5.0.7:*:*:*:*:*:*:*
  • OR cpe:/a:adobe:reader:5.0.6:*:*:*:*:*:*:*
  • OR cpe:/a:adobe:reader:6.0.5:*:*:*:*:*:*:*
  • OR cpe:/a:adobe:reader:6.0.4:*:*:*:*:*:*:*
  • OR cpe:/a:adobe:reader:6.0.3:*:*:*:*:*:*:*
  • OR cpe:/a:adobe:reader:6.0.2:*:*:*:*:*:*:*
  • OR cpe:/a:adobe:reader:6.0.1:*:*:*:*:*:*:*
  • OR cpe:/a:adobe:reader:7.1.3:*:*:*:*:*:*:*
  • OR cpe:/a:adobe:reader:9.1.3:*:*:*:*:*:*:*
  • OR cpe:/a:adobe:reader:8.1.6:*:*:*:*:*:*:*
  • AND
  • cpe:/o:sun:solaris:10::sparc:*:*:*:*:*
  • OR cpe:/o:opensuse:opensuse:10.3:*:*:*:*:*:*:*
  • OR cpe:/o:opensuse:opensuse:11.0:*:*:*:*:*:*:*
  • OR cpe:/a:adobe:acrobat:9.1.2:*:*:*:*:*:*:*

  • * Denotes that component is vulnerable
Oval Definitions
Definition ID | Class | Title | Last Modified
oval:org.opensuse.security:def:20092564 | V | CVE-2009-2564 | 2015-11-16
oval:org.mitre.oval:def:5719 | V | Adobe Reader and Acrobat getPlus_HelperSvc.exe) local elevation of privileges | 2013-08-12