Vigil@nce: Adobe, privilege elevation with NOS getPlus_HelperSvc.exe
July 2009 by Vigil@nce
An attacker can use the NOS getPlus_HelperSvc.exe service,
installed by Adobe, in order to elevate his privileges.
Severity: 2/4
Consequences: administrator access/rights
Provenance: user shell
Means of attack: 2 attacks
Ability of attacker: beginner (1/4)
Confidence: multiple sources (3/5)
Diffusion of the vulnerable configuration: high (3/3)
Creation date: 22/07/2009
IMPACTED PRODUCTS
– Adobe Acrobat/Reader
DESCRIPTION OF THE VULNERABILITY
The NOS "getPlus(R) Helper" service is installed and used by some
Adobe products, in order to check if updates are available. It is
not started by default.
The C:\Program Files\NOS\bin\GetPlus_HelperSvc.exe file, which is
the binary of the service, is installed with the Full Control
permission. A local attacker can therefore replace this program with
a malicious program, which will run on the next start of the service,
with System privileges.
An attacker can therefore use the NOS getPlus_HelperSvc.exe
service in order to elevate his privileges.
CHARACTERISTICS
Identifiers: CVE-2009-2564, VIGILANCE-VUL-8878
http://vigilance.fr/vulnerability/Adobe-privilege-elevation-with-NOS-getPlus-HelperSvc-exe-8878