Document Title:
===============
HijackThis Log Analyse - Multiple Web Vulnerabilities

Release Date:
=============
2011-07-22

Vulnerability Laboratory ID (VL-ID):
====================================
107

Product & Service Introduction:
===============================
HijackThis gives you the possibility to find and fix nasty entries on your computer more easily. To do so, it scans special parts of the registry and of your hard disk and compares them with the default settings. If an abnormality is detected on your computer, HijackThis saves it into a logfile. In order to find out which entries are nasty and which were installed by the user, you need some background information. A logfile is not so easy to analyze, even for an advanced computer user. With the help of this automatic analyzer you are able to get some additional support. Just paste your complete logfile into the textbox at the bottom of this page. Due to a few misunderstandings, I just want to make it clear that this site provides only an online analysis, and not HijackThis the program.

(Copy of the Vendor Homepage: http://www.hijackthis.de/)

Abstract Advisory Information:
==============================
The Vulnerability Lab Team discovered multiple web vulnerabilities on the HijackThis Log Analyse website service.

Vulnerability Disclosure Timeline:
==================================
2011-07-21: Public or Non-Public Disclosure

Discovery Status:
=================
Published

Affected Product(s):
====================

Exploitation Technique:
=======================
Remote

Severity Level:
===============
Medium

Technical Details & Description:
================================
Multiple persistent input validation vulnerabilities were detected on the famous HijackThis Log Analyse web service. A remote attacker is able to inject malicious script code that is stored persistently by the web application service.

Vulnerable Module(s):
    [+] User Assessment
    [+] Process Information
    [+] Analyzer

References:
    http://www.hijackthis.de/rating.php?hjteintrag=
    http://www.hijackthis.de/analyzer.php?line=

Pictures:
    ../assessment-process.png
    ../rating-process.png

Example Thread:
    Kaspersky Lab\\Kaspersky Internet Security 2010\\avp.exe

Attackers can inject scripts into the process description through the rating / assessment function. Once the injection is completed, the script code is executed persistently whenever a customer checks the affected process entry (example: Kaspersky's avp.exe).

Proof of Concept (PoC):
=======================
This vulnerability can be exploited by remote attackers. For demonstration or reproduce ...

HijackThis
Visitor's assessment
C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe


Visitor's assessment
17.03.2010 - >"
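
Added example, not part of the original advisory and not the hijackthis.de code: a Python sketch of the output encoding that closes this class of stored-script issue in an assessment listing, shown beside the unencoded rendering. The page template, the function names and the stored assessment are assumptions constructed for illustration; the advisory does not show the site's implementation.

```python
import html
from html.parser import HTMLParser

# Constructed sample data (not from the advisory): a stored assessment that
# tries to close the surrounding markup and add an element of its own.
PROCESS = r"C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe"
STORED = [("17.03.2010", '"><script>/* constructed */</script>')]
TEMPLATE_TAGS = {"div", "ul", "li"}  # the only elements the hypothetical template emits


def render_unsafe(process, entries):
    """The flaw class described: stored text concatenated into the page as-is."""
    rows = "".join(f"<li>{date} - {text}</li>" for date, text in entries)
    return f'<div title="{process}"><ul>{rows}</ul></div>'


def render_safe(process, entries):
    """Encode every stored value at output time; quote=True covers attributes."""
    esc = lambda value: html.escape(value, quote=True)
    rows = "".join(f"<li>{esc(date)} - {esc(text)}</li>" for date, text in entries)
    return f'<div title="{esc(process)}"><ul>{rows}</ul></div>'


class Collector(HTMLParser):
    """Records the elements, attributes and text an HTML parser sees."""

    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.elements, self.text = [], []

    def handle_starttag(self, tag, attrs):
        self.elements.append((tag, dict(attrs)))

    def handle_data(self, data):
        self.text.append(data)


def parse(fragment):
    collector = Collector()
    collector.feed(fragment)
    collector.close()
    return collector.elements, "".join(collector.text)


def injected_elements(fragment):
    """Elements in the rendered page that the template never emits itself."""
    return [tag for tag, _ in parse(fragment)[0] if tag not in TEMPLATE_TAGS]


if __name__ == "__main__":
    print("unsafe:", injected_elements(render_unsafe(PROCESS, STORED)))
    print("safe:  ", injected_elements(render_safe(PROCESS, STORED)))
```

The same `injected_elements` check can serve as a regression test over rendered pages: any element outside the template's own set means a stored value reached the page unencoded.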