Computer Emergency Response Team of Mauritius (CERT-MU)

VN-2017-77


Acunetix Web Vulnerability Scanner DLL Loading Bugs Let Local Users Obtain System Privileges
Severity Rating: Medium
Systems Affected:
  • Acunetix Web Vulnerability Scanner versions prior to 11.0.170941159
Description
Two vulnerabilities have been identified in Acunetix Web Vulnerability Scanner and can be exploited by a remote attacker to gain system privileges on the vulnerable system. The vulnerabilities reported are as follows:
  • The first vulnerability can allow a local user to access the PostgreSQL database server without authentication, cause the database to create a specially crafted DLL file, and cause the system to execute the file with Local System privileges.
  • The second vulnerability exists when the Acunetix Windows service launches the 'opsrv.exe' process and attempts to load 'python3.dll' from 'C:\DLLs\'. A local user can create a specially crafted DLL file and cause the file to be executed with Local System privileges.
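
A local audit for the second issue above, as an added example (not CERT-MU's or Acunetix's code): it reports which non-administrative principals can create 'C:\DLLs\' or add files to it, and records any 'python3.dll' already present there. The function name Get-UntrustedWriter and the list of trusted SIDs are assumptions of this example.

```powershell
# Added example: audit the DLL load location named in the advisory.
$Dir = 'C:\DLLs'        # directory from the advisory
$Dll = 'python3.dll'    # file name from the advisory
# Assumption: only these principals should be able to write to that location.
$TrustedSids = @(
    'S-1-5-18',         # NT AUTHORITY\SYSTEM
    'S-1-5-32-544',     # BUILTIN\Administrators
    'S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464'  # TrustedInstaller
)

function Get-UntrustedWriter {
    # Returns Allow ACEs on $Path that grant any right in $Rights to a principal
    # outside $TrustedSids. Inherit-only ACEs do not apply to $Path itself.
    param(
        [Parameter(Mandatory)] [string] $Path,
        [Parameter(Mandatory)] [System.Security.AccessControl.FileSystemRights] $Rights
    )
    $sidType     = [System.Security.Principal.SecurityIdentifier]
    $inheritOnly = [System.Security.AccessControl.PropagationFlags]::InheritOnly
    foreach ($ace in (Get-Acl -LiteralPath $Path).GetAccessRules($true, $true, $sidType)) {
        if ($ace.AccessControlType -ne 'Allow') { continue }
        if (([int]$ace.PropagationFlags -band [int]$inheritOnly) -ne 0) { continue }
        if (([int]$ace.FileSystemRights -band [int]$Rights) -eq 0) { continue }
        if ($TrustedSids -contains $ace.IdentityReference.Value) { continue }
        [pscustomobject]@{
            Path   = $Path
            Sid    = $ace.IdentityReference.Value
            Rights = $ace.FileSystemRights
        }
    }
}

if (Test-Path -LiteralPath $Dir -PathType Container) {
    # Directory exists: who besides the trusted principals can add files or re-ACL it?
    Get-UntrustedWriter -Path $Dir -Rights 'CreateFiles, ChangePermissions, TakeOwnership'
    $file = Join-Path $Dir $Dll
    if (Test-Path -LiteralPath $file -PathType Leaf) {
        # A DLL already sits in the load location: record what it is for triage.
        [pscustomobject]@{
            Path      = $file
            Owner     = (Get-Acl -LiteralPath $file).Owner
            Signature = (Get-AuthenticodeSignature -LiteralPath $file).Status
            Sha256    = (Get-FileHash -LiteralPath $file -Algorithm SHA256).Hash
        }
    }
} else {
    # Directory absent: who can create it under the drive root?
    Get-UntrustedWriter -Path (Split-Path $Dir -Parent) -Rights 'CreateDirectories, ChangePermissions, TakeOwnership'
}
```

No output means the path examined grants none of the checked rights to a principal outside the trusted list and no 'python3.dll' was found in 'C:\DLLs\'.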
 
Solution
Users are advised to apply updates.
More information is available on:
 
Vendor Information
Acunetix
 
References
Security Tracker
 
Acunetix Support
 
Contact Information
 
Postal address
Mauritian Computer Emergency Response Team (CERT-MU)
National Computer Board
7th Floor, Stratton Court
La Poudriere Street
Port Louis