Title: 360 Degree Web PlatinumKey Access Control Bypass Application Execution Vulnerability
Severity: MODERATE
Description:
PlatinumKey is a SmartCard security application distributed by 360 Degree Web. It is available for some laptops that use Microsoft Windows operating systems.
PlatinumKey fails to properly restrict access to the desktop when SmartCard access control is enabled. Because of this, an attacker with physical access to a locked machine may be able to reach the task bar and execute applications.
The problem lies in the handling of certain key sequences. When Control-Escape is pressed while the SmartCard lock is active, Windows displays the task bar and, with it, the Start menu. An attacker can use this to reach the icons of recently run applications and, by clicking an entry in the frequently used applications list, execute that application.
It has not been confirmed which privileges an application launched this way receives. It will most likely run with the privileges of the user whose session is locked, since it is started from that user's shell (explorer.exe).
Attackers may also use the Start menu's 'Run' option to execute arbitrary commands. From there, running 'taskkill /f /im pcard.exe' or 'taskkill /f /im pccard.exe' kills the screen-locking process, which completely bypasses the security locking mechanism.
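As an added detection example (not part of the original advisory and not code from 360 Degree Web), the following Python scans Windows process-creation records for the two artifacts the bypass leaves behind: a taskkill aimed at the lock process, and any process whose parent is explorer.exe (the task bar and Start menu host) while the console session is supposed to be locked. The process names pcard.exe and pccard.exe come from the advisory; the one-line log layout, the account name, the paths and the lock-time window are constructed for this example, and the lock-state feed is a hypothetical input that a real deployment would take from the lock product's own logs.

```python
"""Added detection example for the PlatinumKey lock bypass (not the advisory's
or the vendor's code).  Log layout, user, paths and lock windows are constructed."""
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Process names the advisory gives for the screen-locking component.
LOCK_PROCESSES = {"pcard.exe", "pccard.exe"}

# Simplified one-line rendering of a process-creation event.  The fields are
# the ones Security event 4688 / Sysmon event 1 carry; the layout is made up.
LINE_RE = re.compile(
    r'^(?P<ts>\S+)\s+user=(?P<user>\S+)\s+parent=(?P<parent>\S+)\s+'
    r'image=(?P<image>\S+)\s+cmdline="(?P<cmdline>[^"]*)"$'
)
# Matches "taskkill /f /im <name>" (any option order, /im or /IM, with or
# without the .exe suffix on the taskkill binary itself).
TASKKILL_RE = re.compile(r'\btaskkill(?:\.exe)?\b.*?/im\s+(?P<target>\S+)', re.IGNORECASE)


@dataclass
class ProcEvent:
    ts: str
    user: str
    parent: str
    image: str
    cmdline: str


def parse_line(line: str) -> Optional[ProcEvent]:
    """Parse one constructed log line; return None for lines that do not fit."""
    m = LINE_RE.match(line.strip())
    return ProcEvent(**m.groupdict()) if m else None


def taskkill_target(cmdline: str) -> Optional[str]:
    """Return the lower-cased image name a 'taskkill /im' command targets, or None."""
    m = TASKKILL_RE.search(cmdline)
    return m.group("target").lower() if m else None


def basename(path: str) -> str:
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()


def session_locked(ts: str, lock_windows: List[Tuple[str, str]]) -> bool:
    """Hypothetical lock-state feed: ISO-8601 UTC timestamps compare correctly as strings."""
    return any(start <= ts < end for start, end in lock_windows)


def classify(ev: ProcEvent, lock_windows: List[Tuple[str, str]]) -> List[str]:
    findings = []
    target = taskkill_target(ev.cmdline)
    if target in LOCK_PROCESSES:
        findings.append(f"taskkill aimed at lock process {target}")
    # The task bar and Start menu live in explorer.exe, so a child of explorer.exe
    # created while the console should be locked is exactly what the bypass produces.
    if session_locked(ev.ts, lock_windows) and basename(ev.parent) == "explorer.exe":
        findings.append(f"{basename(ev.image)} launched from explorer.exe while session locked")
    return findings


def scan(lines, lock_windows) -> List[Tuple[str, str, str]]:
    """Return (timestamp, user, finding) for every indicator in the records."""
    alerts = []
    for line in lines:
        ev = parse_line(line)
        if ev is None:
            continue
        for finding in classify(ev, lock_windows):
            alerts.append((ev.ts, ev.user, finding))
    return alerts


# Constructed sample records; the lock window says the console was locked 10:00-10:30 UTC.
SAMPLE_LOCK_WINDOWS = [("2008-02-15T10:00:00Z", "2008-02-15T10:30:00Z")]
SAMPLE_LOG = [
    '2008-02-15T09:45:10Z user=ACME\\jdoe parent=C:\\WINDOWS\\explorer.exe image=C:\\WINDOWS\\notepad.exe cmdline="notepad.exe"',
    '2008-02-15T10:03:21Z user=ACME\\jdoe parent=C:\\WINDOWS\\explorer.exe image=C:\\WINDOWS\\system32\\cmd.exe cmdline="cmd.exe"',
    '2008-02-15T10:03:40Z user=ACME\\jdoe parent=C:\\WINDOWS\\system32\\cmd.exe image=C:\\WINDOWS\\system32\\taskkill.exe cmdline="taskkill /f /im pcard.exe"',
    '2008-02-15T10:05:02Z user=ACME\\jdoe parent=C:\\WINDOWS\\system32\\cmd.exe image=C:\\WINDOWS\\system32\\taskkill.exe cmdline="taskkill /F /IM notepad.exe"',
    'garbage line that does not parse',
]

if __name__ == "__main__":
    for ts, user, finding in scan(SAMPLE_LOG, SAMPLE_LOCK_WINDOWS):
        print(ts, user, finding)
```

The taskkill rule only catches the documented last step of the bypass; an attacker who merely launches something from the recent-applications list leaves nothing but the explorer.exe-parent artifact, which is only meaningful if the detector knows when the console was supposed to be locked. Either way, Control-Escape itself is not logged, so the detection rests on what the attacker does after reaching the task bar.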
This problem has been reported to occur on the Acer Travelmate 600 and 800 series laptops. It may also affect other laptops using the same software with similar configurations.
Update: Acer Travelmate C300 and 8100 laptops running Platinum Secure are also reported affected by this issue. Furthermore, by pressing the extra 'Web' button on the keyboard, attackers may gain access to the underlying operating system even where the Control-Escape sequence does not work.
UPDATE (February 15, 2008): Reports indicate that PlatinumKey 1.1.3a is not vulnerable to this issue.
Affected Products:
- 360 Degree Web Platinum Secure
- 360 Degree Web PlatinumKey
References:
- 360 Degree Web: PlatinumKey Product Page
Juniper Networks provides this content via a wide variety of sources and production methods. If notified of errors or omissions in the content of this page, Juniper Networks, at its discretion, will modify or remove the page or leave the content as is, depending on various factors including but not limited to the reputation and authority of the party providing the notification. Please use the contact information displayed elsewhere on this page to report any errors or omissions regarding the content on this page.