CVE-2019-9702: Symantec Encryption Desktop Local Privilege Escalation - Exploiting an Arbitrary Hard Disk Read/Write Vulnerability Over NTFS - Nettitude Labs
Tags
| attack-pattern: | Data Direct Model Bootkit - T1542.003 Hardware - T1592.001 Junk Data - T1001.001 Vulnerabilities - T1588.006 Bootkit - T1067 |
Common Information
| Type | Value |
|---|---|
| UUID | 3724d781-ce6c-4658-a926-9ea6527a5e14 |
| Fingerprint | 8c1bdc1415a4c791 |
| Analysis status | DONE |
| Considered CTI value | 0 |
| Text language | |
| Published | Nov. 28, 2017, 1:52 p.m. |
| Added to db | Jan. 18, 2023, 9:56 p.m. |
| Last updated | Nov. 17, 2024, 5:55 p.m. |
| Headline | CVE-2019-9702: Symantec Encryption Desktop Local Privilege Escalation – Exploiting an Arbitrary Hard Disk Read/Write Vulnerability Over NTFS |
| Title | CVE-2019-9702: Symantec Encryption Desktop Local Privilege Escalation - Exploiting an Arbitrary Hard Disk Read/Write Vulnerability Over NTFS - Nettitude Labs |
| Detected Hints/Tags/Attributes | 59/1/37 |
Source URLs
URL Provider
Attributes
| Details | Type | #Events | CTI | Value |
|---|---|---|---|---|
| Details | CVE | 1 | cve-2019-9702 |
|
| Details | Domain | 216 | www.symantec.com |
|
| Details | Domain | 7 | www.osronline.com |
|
| Details | Domain | 281 | docs.microsoft.com |
|
| Details | Domain | 201 | msdn.microsoft.com |
|
| Details | Domain | 1 | www.dewassoc.com |
|
| Details | Domain | 1 | www.c-jump.com |
|
| Details | Domain | 3 | www.ntfs.com |
|
| Details | Domain | 145 | www.us-cert.gov |
|
| Details | File | 1 | pgpwded.sys |
|
| Details | File | 1 | eeddiskencryptiondriver.sys |
|
| Details | File | 1 | pgptray.exe |
|
| Details | File | 5 | article.cfm |
|
| Details | File | 3 | bb625963.aspx |
|
| Details | File | 1 | master_boot_record.htm |
|
| Details | File | 1 | week04ntfsreview.html |
|
| Details | File | 1 | ntfs-partition-boot-sector.htm |
|
| Details | File | 1 | ntfs-permissions-security-descriptor.htm |
|
| Details | File | 1 | ntfs-system-files.htm |
|
| Details | Url | 1 | https://www.symantec.com/products/desktop-email-encryption |
|
| Details | Url | 1 | https://www.osronline.com/article.cfm?article=97 |
|
| Details | Url | 1 | https://docs.microsoft.com/en-us/sysinternals/downloads/winobj |
|
| Details | Url | 3 | https://msdn.microsoft.com/en-us/library/bb625963.aspx |
|
| Details | Url | 2 | https://msdn.microsoft.com/en-us/library/windows/hardware/ff548630(v=vs.85).aspx |
|
| Details | Url | 1 | http://www.dewassoc.com/kbase/hard_drives/master_boot_record.htm |
|
| Details | Url | 1 | http://www.c-jump.com/bcc/t256t/week04ntfsreview/week04ntfsreview.html#w01_0150_master_file_table |
|
| Details | Url | 1 | http://www.c-jump.com/bcc/t256t/week04ntfsreview/week04ntfsreview.html#w01_0380_the_securitydescrip |
|
| Details | Url | 1 | http://www.c-jump.com/bcc/t256t/week04ntfsreview/week04ntfsreview.html#w01_0630_the_secure |
|
| Details | Url | 1 | http://www.c-jump.com/bcc/t256t/week04ntfsreview/week04ntfsreview.html#w01_0320_the_standardinforma |
|
| Details | Url | 1 | http://www.c-jump.com/bcc/t256t/week04ntfsreview/week04ntfsreview.html#w01_0360_the_filename_attrib |
|
| Details | Url | 1 | http://www.c-jump.com/bcc/t256t/week04ntfsreview/week04ntfsreview.html#w01_0410_the_data_attribute |
|
| Details | Url | 1 | http://www.c-jump.com/bcc/t256t/week04ntfsreview/week04ntfsreview.html#w01_0440_the_indexallocation |
|
| Details | Url | 1 | http://www.c-jump.com/bcc/t256t/week04ntfsreview/week04ntfsreview.html#w01_0420_runlists |
|
| Details | Url | 1 | http://www.ntfs.com/ntfs-partition-boot-sector.htm |
|
| Details | Url | 1 | http://www.ntfs.com/ntfs-permissions-security-descriptor.htm |
|
| Details | Url | 1 | http://www.ntfs.com/ntfs-system-files.htm |
|
| Details | Url | 3 | https://www.us-cert.gov/ncas/alerts/ta17-181a |