Unquoted Windows Search Path Privilege Escalation Vulnerability in Microsoft Antispyware 1.0.509 (Beta 1)

Unquoted Windows Search Path Privilege Escalation Vulnerability in Microsoft Antispyware 1.0.509 (Beta 1)

CVE-2005-2940 · HIGH Severity

AV:L/AC:L/AU:N/C:C/I:C/A:C

Unquoted Windows search path vulnerability in Microsoft Antispyware 1.0.509 (Beta 1) might allow local users to gain privileges via a malicious "program.exe" file in the C: folder, involving the programs (1) GIANTAntiSpywareMain.exe, (2) gcASNotice.exe, (3) gcasServ.exe, (4) gcasSWUpdater.exe, or (5) GIANTAntiSpywareUpdater.exe. NOTE: it is not clear whether this overlaps CVE-2005-2935.

Learn more about our User Device Pen Test.