Upstream information
Description
NOS Microsystems getPlus Download Manager, as used in Adobe Reader 1.6.2.36 and possibly other versions, Corel getPlus Download Manager before 1.5.0.48, and possibly other products, installs NOS\bin\getPlus_HelperSvc.exe with insecure permissions (Everyone:Full Control), which allows local users to gain SYSTEM privileges by replacing getPlus_HelperSvc.exe with a Trojan horse program, as demonstrated by use of getPlus Download Manager within Adobe Reader. NOTE: within Adobe Reader, the scope of this issue is limited because the program is deleted and the associated service is not automatically launched after a successful installation and reboot.NVD CVSS v2 Base Score: 7.2 (AV:L/AC:L/Au:N/C:C/I:C/A:C)
Novell/SUSE information
Novell Bugzilla entry: 546083 SUSE Security Advisories:- SUSE-SA:2009:049, published Mon, 26 Oct 2009 12:00:00 +0000
List of released packages
| Product(s) | Fixed package version(s) | References |
|---|---|---|
| openSUSE 10.3 |
| Builds |
| SUSE Linux Enterprise Desktop 10 SP2 for AMD64 and Intel EM64T SUSE Linux Enterprise Desktop 10 SP2 for x86 |
| sled10-sp2.x86-64 sled10-sp2.x86 ZYPP Patch Nr: 6584 |
| SUSE Linux Enterprise Desktop 10 SP3 for AMD64 and Intel EM64T SUSE Linux Enterprise Desktop 10 SP3 for x86 |
| sled10-sp3.x86-64 sled10-sp3.x86 ZYPP Patch Nr: 6583 |
| SUSE Linux Enterprise Desktop 10 SP2 for AMD64 and Intel EM64T SUSE Linux Enterprise Desktop 10 SP2 for x86 |
| sled10-sp2.x86-64 sled10-sp2.x86 ZYPP Patch Nr: 6582 |
| SUSE Linux Enterprise Desktop 10 SP3 for AMD64 and Intel EM64T SUSE Linux Enterprise Desktop 10 SP3 for x86 |
| sled10-sp3.x86 sled10-sp3.x86-64 ZYPP Patch Nr: 6585 |
List of products where fixes are in QA
SUSE Linux Enterprise Desktop 10 SP3 for AMD64 and Intel EM64TSUSE Linux Enterprise Desktop 10 SP3 for AMD64 and Intel EM64T
SUSE Linux Enterprise Desktop 10 SP3 for x86
SUSE Linux Enterprise Desktop 10 SP3 for x86