Less critical

SUPERAntiSpyware Multiple Vulnerabilities


Release Date:  2010-03-11    Views:  4,661

Secunia Advisory SA38917


Description


Luka Milkovic has reported some vulnerabilities in SUPERAntiSpyware, which can be exploited by malicious, local users to cause a DoS (Denial of Service) or gain escalated privileges.



Subject: SUPERAntiSpyware Multiple Vulnerabilities

User Message
bjm__ RE: SUPERAntiSpyware Multiple Vulnerabilities
Member 11th Mar, 2010 21:10
Score: 64
Posts: 374
User Since: 9th Mar 2009
System Score: 100%
Location: US
Last edited on 11th Mar, 2010 21:20
Solution
Update to version 4.34.1000, which fixes some of the vulnerabilities.
Unable to update to version 4.34.1000 as vendor available current version is 4.34.0.1000
SUPERAntiSpyware 4.x 4.34.0.1000
PSI reports:
SUPERAntiSpyware 4.x
This installation of SUPERAntiSpyware 4.x is insecure and potentially exposes your system to security threats!

Secunia strongly recommends that you update this program by installing the update that is provided by the vendor of this program.
-------------------------------------------------- -----------
I have the current update that is provided by the vendor....4.34.0.1000
The product current ver 4.34.0.1000 has been installed on my box and has been reported as "secure" prior to Secunia "insecure" reporting for ver 4.34.1000
Is the "insecure" because this is only a partial fix?

bjm-

Was this reply relevant?
+6
-5
Anthony Wells RE: SUPERAntiSpyware Multiple Vulnerabilities
Expert Contributor 11th Mar, 2010 22:14
Score: 2463
Posts: 3,348
User Since: 19th Dec 2007
System Score: N/A
Location: N/A
Last edited on 11th Mar, 2010 22:18
Hello bjm ,

Don't know if it is your eyes or mine but the SAS programme on my PC reports version 4.34.1000 and also the same programme version is offered for download from their website .

PSI is now reporting version 4.34.0.1000 as CAT 2 insecure , and directing to the latest installation link at SAS :ie: 4.34.1000 .

Following the PSI "installation path" the SAS .exe file in the programme folder shows 4.34.0.1000 . So everybody is right in one way or another :)

The question remains is the up to date version 4.34.x still vulnerable and if there is no fix why has it been moved to "insecure" ??

Perhaps we are rushing things and PSI needs to reset .

Anthony

--


It always seems impossible until it's done.
Nelson Mandela
Was this reply relevant?
+5
-5

SUPERAntiSpy RE: SUPERAntiSpyware Multiple Vulnerabilities
Secunia Vendor 12th Mar, 2010 01:41
Score: 13
Posts: 1
User Since: 12th Mar 2010
System Score: N/A
Location: US
Last edited on 12th Mar, 2010 01:41
Hello all - my name is Nick Skrepetos owner of SUPERAntiSpyware.com. Luka contacted our company and has, what I believe, attempted to extort us over these "issues" - no one has EVER used any of these items to exploit ANYTHING in the real-world.

We altered our kernel drivers so that his test code would no longer have issues, and he simply re-reverse engineered the drivers to make his test "work" again - I have the original code and can provide that if necessary to show this fact.

NONE of the functions as described above can be accessed by "any" program unless the program is authenticated with our driver - Luka indicated he would NOT post the authentication scheme which he ripped from our program - without that, no other application can access our drivers - as we did not play into the potential extortion Luka has included that code for malware authors to exploit. As such, we are altering the authentication scheme as we do often to prevent potential exploits and hacking. As such, any piece of code, including that of the Windows Kernel has and will always be reverse engineered in time.

Luka's results essentially are like saying "I put sand in the pistons of a motor and now it crashed/stopped running" - there is always a way to force ANY driver to crash from kernel mode - NONE of the items documented by Luka are real-world and have not been exploited in over 5 years of the drivers being downloaded over 30 million times.

It's unfortunate that a single user such as Luka, who likely has another agenda, is allowed to post code and hide behind the walls of the Internet - all Luka is doing is helping malware authors.
Was this reply relevant?
+13
-0
Anthony Wells RE: SUPERAntiSpyware Multiple Vulnerabilities
Expert Contributor 12th Mar, 2010 12:20
Score: 2463
Posts: 3,348
User Since: 19th Dec 2007
System Score: N/A
Location: N/A

Thank you Nick for your explanation (even I understood it :)) ; I have good experience of your software (Free product only on my budget , I'm afraid :(() and hope you continue to defend us from black hats . Every force to your arm .

I trust Secunia will decide quickly as to why the "latest" 4.34.x version of SAS (fully patched in their eyes or not) is showing in the PSI "insecure" tab (as of this moment) when convention implies that it should still be in the "patched" tab .

Take care
Anthony

--


It always seems impossible until it's done.
Nelson Mandela
Was this reply relevant?
+6
-5
Anthony Wells RE: SUPERAntiSpyware Multiple Vulnerabilities
Expert Contributor 12th Mar, 2010 12:22
Score: 2463
Posts: 3,348
User Since: 19th Dec 2007
System Score: N/A
Location: N/A
Last edited on 12th Mar, 2010 12:28
Double post ,deleted .

Update , SAS has now gone back into the "patched" tab , thank you everybody .

Take care
Anthony

--


It always seems impossible until it's done.
Nelson Mandela
Was this reply relevant?
+10
-8

bjm__ RE: SUPERAntiSpyware Multiple Vulnerabilities
Member 24th Mar, 2010 18:17
Score: 64
Posts: 374
User Since: 9th Mar 2009
System Score: 100%
Location: US
Last edited on 24th Mar, 2010 18:21
Hello Dave
I see your message is @ SAS Vendor
I'll just toss in my thoughts for your consideration.
SAS has a removal tool available from their site > scroll the page > How do I uninstall?
http://www.superantispyware.com/precreateticket.ht...
------------------------
alternative ~ install Revo Uninstaller free version (see if Revo finds SAS)
Odd that control panel does not populate SAS....as you have SAS on your box.
-------------------------------
Are you sure it's SAS and not a rogue malicious application?

Cheers
bjm-
Was this reply relevant?
+4
-0
