Luka Milkovic has reported some vulnerabilities in SUPERAntiSpyware, which can be exploited by malicious, local users to cause a DoS (Denial of Service) or gain escalated privileges.
Score: 64 Posts: 374 User Since: 9th Mar 2009 System Score: 100% Location: US Last edited on 11th Mar, 2010 21:20
Update to version 4.34.1000, which fixes some of the vulnerabilities.
Unable to update to version 4.34.1000 as vendor available current version is 126.96.36.1990
SUPERAntiSpyware 4.x 188.8.131.520
This installation of SUPERAntiSpyware 4.x is insecure and potentially exposes your system to security threats!
Secunia strongly recommends that you update this program by installing the update that is provided by the vendor of this program.
I have the current update that is provided by the vendor....184.108.40.2060
The product current ver 220.127.116.110 has been installed on my box and has been reported as "secure" prior to Secunia "insecure" reporting for ver 4.34.1000
Is the "insecure" because this is only a partial fix?
Score: 64 Posts: 374 User Since: 9th Mar 2009 System Score: 100% Location: US Last edited on 11th Mar, 2010 23:30
Hello Anthony Wells,
Our eyes are OK.
SAS Program Version via app UI ~ is as you report 4.34.1000
SAS via Control Panel > Programs -- 18.104.22.1680
SAS download ~ SUPERAntiSpyware.exe -- File version 22.214.171.1240
> Control Panel > Programs -- 126.96.36.1990
> C:\Program Files\SUPERAntiSpyware.exe -- 188.8.131.520
> PSI ~ Technical details Version Detected: 184.108.40.2060 some say tomato some say tomato
agree > The question remains is the up to date version 4.34.x still vulnerable and if there is no fix why has it been moved to "insecure"
PSI reports Solution Status Partial Fix
PSI Solution Update to version 4.34.1000, which fixes some of the vulnerabilities.
perhaps > moved to "insecure" because Solution Status is Partial Fix
Q: Does the vulnerability apply to Free & Paid product?
A: Assume it does?
For now SAS will remain as "insecure" as PSI Solution will not alter "insecure"
For now SAS will remain on the bench. Only used as On-Demand Scanner.
Score: 13 Posts: 1 User Since: 12th Mar 2010 System Score: N/A Location: US Last edited on 12th Mar, 2010 01:41
Hello all - my name is Nick Skrepetos, owner of SUPERAntiSpyware.com. Luka contacted our company and has, what I believe, attempted to extort us over these "issues" - no one has EVER used any of these items to exploit ANYTHING in the real-world.
We altered our kernel drivers so that his test code would no longer have issues, and he simply re-reverse engineered the drivers to make his test "work" again - I have the original code and can provide that if necessary to show this fact.
NONE of the functions as described above can be accessed by "any" program unless the program is authenticated with our driver - Luka indicated he would NOT post the authentication scheme which he ripped from our program - without that, no other application can access our drivers - as we did not play into the potential extortion Luka has included that code for malware authors to exploit. As such, we are altering the authentication scheme as we do often to prevent potential exploits and hacking. As such, any piece of code, including that of the Windows Kernel has and will always be reverse engineered in time.
Luka's results essentially are like saying "I put sand in the pistons of a motor and now it crashed/stopped running" - there is always a way to force ANY driver to crash from kernel mode - NONE of the items documented by Luka are real-world and have not been exploited in over 5 years of the drivers being downloaded over 30 million times.
It's unfortunate that a single user such as Luka, who likely has another agenda, is allowed to post code and hide behind the walls of the Internet - all Luka is doing is helping malware authors.
Score: 2468 Posts: 3,350 User Since: 19th Dec 2007 System Score: N/A Location: N/A
Thank you Nick for your explanation (even I understood it :)); I have good experience of your software (Free product only on my budget, I'm afraid :(() and hope you continue to defend us from black hats. Every force to your arm.
I trust Secunia will decide quickly as to why the "latest" 4.34.x version of SAS (fully patched in their eyes or not) is showing in the PSI "insecure" tab (as of this moment) when convention implies that it should still be in the "patched" tab.
It always seems impossible until it's done.
Score: -8 Posts: 24 User Since: 2nd Oct 2009 System Score: N/A Location: Houston, US
I somehow obtained SAS on my computer and don't remember installing it. How do I uninstall it? It's not located in my Control Panel where programs are normally uninstalled from. I have another Anti-Malware program I like so I don't need two of them. And, besides, a box popped up indicating a "bad image" when I clicked on the program, but then seems to run alright. Programs that don't populate in my Control Panel always seem to irritate me. Makes me think someone is trying to hide something from me.
Score: 64 Posts: 374 User Since: 9th Mar 2009 System Score: 100% Location: US Last edited on 24th Mar, 2010 18:21
I see your message is @ SAS Vendor
I'll just toss in my thoughts for your consideration.
SAS has a removal tool available from their site > scroll the page > How do I uninstall? http://www.superantispyware.com/precreateticket.ht...
alternative ~ install Revo Uninstaller free version (see if Revo finds SAS)
Odd that control panel does not populate SAS....as you have SAS on your box.
Are you sure it's SAS and not a rogue malicious application?