CVE-2007-4415 Information

Description

Cisco VPN Client on Windows before 5.0.01.0600 and the 5.0.01.0600 InstallShield (IS) release uses weak permissions for cvpnd.exe (Modify granted to Interactive Users) which allows local users to gain privileges via a modified cvpnd.exe.

Reference

http://secunia.com/advisories/26459 http://securityreason.com/securityalert/3023 http://securitytracker.com/id?1018573 http://www.cisco.com/warp/public/707/cisco-sa-20070815-vpnclient.shtml http://www.securityfocus.com/archive/1/476812/100/0/threaded http://www.securityfocus.com/bid/25332 http://www.vupen.com/english/advisories/2007/2903 https://exchange.xforce.ibmcloud.com/vulnerabilities/36032