Vulnerability Name:

CVE-2019-4245 (CCN-23094)

Assigned:2005-11-15
Published:2005-11-15
Updated:2005-11-15
Summary:Multiple vendor applications designed for Microsoft Windows platforms make insecure calls to the CreateProcess() and CreateProcessAsUser() functions using unquoted Windows search paths, which could allow a local attacker to execute arbitrary code on the system. An attacker could exploit this vulnerability by placing malicious files on the victim's system that have the same name as legitimate files, which would be called by one of the affected applications allowing the attacker to execute arbitrary code on the system with elevated privileges.
CVSS v3 Severity:5.9 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)
Exploitability Metrics:Attack Vector (AV): Local
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): Low
Integrity (I): Low
Availibility (A): Low
CVSS v2 Severity:4.6 Medium (CCN CVSS v2 Vector: AV:L/AC:L/Au:N/C:P/I:P/A:P)
3.8 Low (CCN Temporal CVSS v2 Vector: AV:L/AC:L/Au:N/C:P/I:P/A:P/E:F/RL:OF/RC:C)
Exploitability Metrics:Access Vector (AV): Local
Access Complexity (AC): Low
Athentication (Au): None
Impact Metrics:Confidentiality (C): Partial
Integrity (I): Partial
Availibility (A): Partial
Vulnerability Consequences:Gain Privileges
References:Source: CCN
Type: Full-Disclosure Mailing List, Mon May 09 2005 - 15:14:02 CDT
Useless tidbit

Source: CCN
Type: Full-Disclosure Mailing List, Tue Jan 17 2006 - 15:45:14 CST
[ TZO-012006 ] Checkpoint VPN-1 SecureClient insecure usage of CreateProcess()

Source: CCN
Type: Full-Disclosure Mailing List, Wed Aug 29 2007 - 17:27:07 CDT
Multiple improper file path handling issues

Source: MITRE
Type: CNA
CVE-2005-2935

Source: MITRE
Type: CNA
CVE-2005-2936

Source: MITRE
Type: CNA
CVE-2005-2938

Source: MITRE
Type: CNA
CVE-2005-2939

Source: MITRE
Type: CNA
CVE-2005-2940

Source: MITRE
Type: CNA
CVE-2005-3663

Source: MITRE
Type: CNA
CVE-2006-0255

Source: MITRE
Type: CNA
CVE-2019-4245

Source: CCN
Type: SA19358
RealNetworks Products Multiple Buffer Overflow Vulnerabilities

Source: CCN
Type: SECTRACK ID: 1015222
Apple iTunes for Windows Improper CreateProcess() Call Lets Local Users Execute Arbitrary Code

Source: CCN
Type: SECTRACK ID: 1015223
RealPlayer Improper CreateProcess() Call Lets Local Users Execute Arbitrary Code

Source: CCN
Type: SECTRACK ID: 1015224
Kaspersky Anti-Virus for Windows File Servers Improper CreateProcess() Call Lets Local Users Execute Arbitrary Code

Source: CCN
Type: SECTRACK ID: 1015225
VMware Workstation Improper CreateProcess() Call Lets Local Users Execute Arbitrary Code

Source: CCN
Type: SECTRACK ID: 1015226
Microsoft AntiSpyware Improper CreateProcess() Call Lets Local Users Execute Arbitrary Code

Source: CCN
Type: RealNetworks Customer Support - Real Security Updates March 16, 2006
RealNetworks Releases Product Updates.

Source: CCN
Type: Apple Web site
Apple - ITunes - Download iTunes

Source: CCN
Type: iDEFENSE Security Advisory 11.15.05
Multiple Vendor Insecure Call to CreateProcess() Vulnerability

Source: CCN
Type: OSVDB ID: 17088
Microsoft AntiSpyware gsasDtServ.exe Path Subversion Privilege Escalation

Source: CCN
Type: OSVDB ID: 20988
Apple iTunes iTunesHelper.exe Path Subversion Local Privilege Escalation

Source: CCN
Type: OSVDB ID: 21009
Kaspersky Anti-Virus Search Path Subversion Local Privilege Escalation

Source: CCN
Type: OSVDB ID: 21010
RealPlayer Path Subversion Local Privilege Escalation

Source: CCN
Type: OSVDB ID: 21011
VMware Workstation Search Path Subversion Local Privilege Escalation

Source: CCN
Type: OSVDB ID: 22703
Check Point VPN-1 SecureClient SR_Watchdog.exe Path Subversion Local Privilege Escalation

Source: CCN
Type: BID-15446
Apple iTunes 6 For Windows Arbitrary Local Code Execution Vulnerability

Source: CCN
Type: BID-15448
Multiple Vendor lpCommandLine Application Path Vulnerability

Source: CCN
Type: BID-16290
Check Point VPN-1 SecureClient Path Specification Local Privilege Escalation Vulnerability

Source: XF
Type: UNKNOWN
multiple-vendor-insecure-createprocess(23094)

Source: EXPLOIT-DB
Type: EXPLOIT
Offensive Security Exploit Database [08-15-2012]

Source: CCN
Type: IBM Security Bulletin 880775 (Cognos TM1)
IBM Cognos TM1 is affected by multiple vulnerabilities (CVE-2018-15494, CVE-2019-4245)

Source: CCN
Type: IBM Security Bulletin 884724 (Planning Analytics)
Multiple vulnerabilities affect IBM Planning Analytics

Vulnerable Configuration:Configuration CCN 1:
  • cpe:/a:apple:itunes:4.7.1.30:*:*:*:*:*:*:*
  • OR cpe:/a:microsoft:antispyware:1.0.509:beta1:*:*:*:*:*:*
  • OR cpe:/a:checkpoint:vpn-1_secureclient:-:*:*:*:*:*:*:*
  • OR cpe:/a:norman:norman_virus_control:5.90:*:*:*:*:*:*:*
  • OR cpe:/a:agnitum:outpost_firewall:*:*:pro:*:*:*:*:*
  • OR cpe:/a:agnitum:outpost_security_suite:6.7.3.3063.452.0726:-:professional:*:*:*:*:*
  • OR cpe:/a:hauri:virobot_desktop:5.5:*:*:*:*:*:*:*
  • OR cpe:/a:vmware:workstation:5.0.0_build_13124:*:*:*:*:*:*:*
  • AND
  • cpe:/a:ibm:cognos_tm1:10.2.2:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:planning_analytics:2.0.3:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:planning_analytics:2.0:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:planning_analytics:2.0.1:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:planning_analytics:2.0.2:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:planning_analytics:2.0.4:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:planning_analytics:2.0.5:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:planning_analytics:2.0.6:*:*:*:*:*:*:*

    • * Denotes that component is vulnerable
    BACK
    apple itunes 4.7.1.30
    microsoft antispyware 1.0.509 beta1
    checkpoint vpn-1 secureclient -
    norman norman virus control 5.90
    agnitum outpost firewall *
    agnitum outpost security suite 6.7.3.3063.452.0726 -
    hauri virobot desktop 5.5
    vmware workstation 5.0.0_build_13124
    ibm cognos tm1 10.2.2
    ibm planning analytics 2.0.3
    ibm planning analytics 2.0
    ibm planning analytics 2.0.1
    ibm planning analytics 2.0.2
    ibm planning analytics 2.0.4
    ibm planning analytics 2.0.5
    ibm planning analytics 2.0.6