CVE-2004-1149 - Unextinguished Common Loon

Description

Computer Associates eTrust EZ Antivirus 7.0.0 to 7.0.4 including 7.0.1.4 installs its files with insecure permissions (ACLs) which allows local users to gain privileges by replacing critical programs with malicious ones as demonstrated using VetMsg.exe.

Reference

http://www.idefense.com/application/poi/display?id=164 http://crm.my-etrust.com/login.asp?username=guest&target=DOCUMENT&openparameter https://exchange.xforce.ibmcloud.com/vulnerabilities/18502