VAR-201305-0366
Vulnerability from variot - Updated: 2022-05-17 01:37Fujitsu is an ICT integrated service provider that provides industry solutions for the global market. There is a privilege elevation vulnerability in Fujitsu Desktop Update that allows malicious programs to execute in the context of the current user.
The application is registered as control panel item via
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ControlPanel\NameSpace{070B64FF-795D-4DAA-88AD-6D3277C7E445}] @="Fujitsu DeskUpdate"
The "shell object" with GUID {070B64FF-795D-4DAA-88AD-6D3277C7E445} is registered with
[HKLM\SOFTWARE\Classes\CLSID{070B64FF-795D-4DAA-88AD-6D3277C7E445}] @="Fujitsu DeskUpdate" "InfoTip"=expand:"@C:\Program Files (x86)\Fujitsu\DeskUpdate\DeskUpdate.exe,-132" "System.ControlPanel.Category"=dword:00000005 "System.Software.TasksFileUrl"="C:\Program Files (x86)\Fujitsu\DeskUpdate\duconfig.xml"
[HKLM\SOFTWARE\Classes\CLSID{070B64FF-795D-4DAA-88AD-6D3277C7E445}\DefaultIcon] @=expand:"C:\Program Files (x86)\Fujitsu\DeskUpdate\DeskUpdate.exe,-0"
[HKLM\SOFTWARE\Classes\CLSID{070B64FF-795D-4DAA-88AD-6D3277C7E445}\Shell\Open\Command] @="C:\Program Files (x86)\Fujitsu\DeskUpdate\DeskUpdate.exe"
The last entry is a pathname with unquoted spaces and allows the execution of the rogue programs "C:\Program.exe" and/or "C:\Program Files.exe", as documented in http://msdn.microsoft.com/library/ms682425.aspx
Stefan Kanthak
PS: long pathnames containing spaces exist for about 20 years now in Windows, EVERY developer should know how to use them properly, and EVERY QA should check their proper use!
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201305-0366",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "desktop update",
"scope": null,
"trust": 0.6,
"vendor": "fujitsu",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "fujitsu",
"version": "*"
},
{
"model": "desktop update",
"scope": "eq",
"trust": 0.2,
"vendor": "fujitsu",
"version": "*"
}
],
"sources": [
{
"db": "IVD",
"id": "fbae11a4-1f25-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2013-05069"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Stefan Kanthak",
"sources": [
{
"db": "PACKETSTORM",
"id": "121567"
}
],
"trust": 0.1
},
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CNVD-2013-05069",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "fbae11a4-1f25-11e6-abef-000c29c66e3d",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.2,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.9 [IVD]"
}
],
"cvssV3": [],
"severity": [
{
"author": "CNVD",
"id": "CNVD-2013-05069",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "IVD",
"id": "fbae11a4-1f25-11e6-abef-000c29c66e3d",
"trust": 0.2,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "fbae11a4-1f25-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2013-05069"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Fujitsu is an ICT integrated service provider that provides industry solutions for the global market. There is a privilege elevation vulnerability in Fujitsu Desktop Update that allows malicious programs to execute in the context of the current user. \n\n\nThe application is registered as control panel item via\n\n[HKLM\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\ControlPanel\\NameSpace\\{070B64FF-795D-4DAA-88AD-6D3277C7E445}]\n@=\"Fujitsu DeskUpdate\"\n\n\nThe \"shell object\" with GUID {070B64FF-795D-4DAA-88AD-6D3277C7E445} is\nregistered with\n\n[HKLM\\SOFTWARE\\Classes\\CLSID\\{070B64FF-795D-4DAA-88AD-6D3277C7E445}]\n@=\"Fujitsu DeskUpdate\"\n\"InfoTip\"=expand:\"@C:\\\\Program Files (x86)\\\\Fujitsu\\\\DeskUpdate\\\\DeskUpdate.exe,-132\"\n\"System.ControlPanel.Category\"=dword:00000005\n\"System.Software.TasksFileUrl\"=\"C:\\\\Program Files (x86)\\\\Fujitsu\\DeskUpdate\\\\duconfig.xml\"\n\n[HKLM\\SOFTWARE\\Classes\\CLSID\\{070B64FF-795D-4DAA-88AD-6D3277C7E445}\\DefaultIcon]\n@=expand:\"C:\\\\Program Files (x86)\\\\Fujitsu\\\\DeskUpdate\\\\DeskUpdate.exe,-0\"\n\n[HKLM\\SOFTWARE\\Classes\\CLSID\\{070B64FF-795D-4DAA-88AD-6D3277C7E445}\\Shell\\Open\\Command]\n@=\"C:\\\\Program Files (x86)\\\\Fujitsu\\\\DeskUpdate\\\\DeskUpdate.exe\"\n\n\nThe last entry is a pathname with unquoted spaces and allows the\nexecution of the rogue programs \"C:\\Program.exe\" and/or\n\"C:\\Program Files.exe\", as documented in\n\u003chttp://msdn.microsoft.com/library/ms682425.aspx\u003e\n\n\nStefan Kanthak\n\nPS: long pathnames containing spaces exist for about 20 years\n now in Windows, EVERY developer should know how to use them\n properly, and EVERY QA should check their proper use!\n\n\n",
"sources": [
{
"db": "CNVD",
"id": "CNVD-2013-05069"
},
{
"db": "IVD",
"id": "fbae11a4-1f25-11e6-abef-000c29c66e3d"
},
{
"db": "PACKETSTORM",
"id": "121567"
}
],
"trust": 0.81
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2013-05069",
"trust": 0.8
},
{
"db": "PACKETSTORM",
"id": "121567",
"trust": 0.7
},
{
"db": "IVD",
"id": "FBAE11A4-1F25-11E6-ABEF-000C29C66E3D",
"trust": 0.2
}
],
"sources": [
{
"db": "IVD",
"id": "fbae11a4-1f25-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2013-05069"
},
{
"db": "PACKETSTORM",
"id": "121567"
}
]
},
"id": "VAR-201305-0366",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "IVD",
"id": "fbae11a4-1f25-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2013-05069"
}
],
"trust": 1.8
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.8
}
],
"sources": [
{
"db": "IVD",
"id": "fbae11a4-1f25-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2013-05069"
}
]
},
"last_update_date": "2022-05-17T01:37:06.613000Z",
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 0.6,
"url": "http://packetstormsecurity.com/files/121567/fujitsu-desktop-update-privilege-escalation.html"
},
{
"trust": 0.1,
"url": "http://support.ts.fujitsu.com/deskupdate/index.asp\u003e),"
},
{
"trust": 0.1,
"url": "http://msdn.microsoft.com/library/ms682425.aspx\u003e"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2013-05069"
},
{
"db": "PACKETSTORM",
"id": "121567"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "IVD",
"id": "fbae11a4-1f25-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2013-05069"
},
{
"db": "PACKETSTORM",
"id": "121567"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2013-05-10T00:00:00",
"db": "IVD",
"id": "fbae11a4-1f25-11e6-abef-000c29c66e3d"
},
{
"date": "2013-05-10T00:00:00",
"db": "CNVD",
"id": "CNVD-2013-05069"
},
{
"date": "2013-05-08T22:22:22",
"db": "PACKETSTORM",
"id": "121567"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2013-05-10T00:00:00",
"db": "CNVD",
"id": "CNVD-2013-05069"
}
]
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Fujitsu Desktop Update Permission Elevation Vulnerability",
"sources": [
{
"db": "CNVD",
"id": "CNVD-2013-05069"
}
],
"trust": 0.6
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Permission permission and access control",
"sources": [
{
"db": "IVD",
"id": "fbae11a4-1f25-11e6-abef-000c29c66e3d"
}
],
"trust": 0.2
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…