Vigil@nce - McAfee ePO Deep Command: privilege escalation via Unquoted Executable Path
June 2015 by Vigil@nce
This bulletin was written by Vigil@nce : http://vigilance.fr/offer
SYNTHESIS OF THE VULNERABILITY
A local attacker can store a malicious program in paths containing
a space, and which are used by McAfee ePO Deep Command, in order
to escalate his privileges.
Impacted products: ePO
Severity: 2/4
Creation date: 28/04/2015
DESCRIPTION OF THE VULNERABILITY
The McAfee ePO Deep Command product is used for remote
administration.
It calls executable programs located on user’s computer. However,
the path of the executable is not surrounded by quote characters.
A local attacker can therefore store a malicious program in paths
containing a space, and which are used by McAfee ePO Deep Command,
in order to escalate his privileges.
ACCESS TO THE COMPLETE VIGIL@NCE BULLETIN