lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Date: Wed Jun  8 05:03:21 2005
From: kf_lists at digitalmunition.com (KF (lists))
Subject: [Windows XP] possible privilege escalation

Would this possibly have anything to do with MSIEXEC.exe (that is off 
the top of my head) running as system? I have occasionally seen this 
process chilling out running as SYSTEM.
-KF

NSC wrote:

>Pif Gadget a ?crit :
>
>  
>
>>Hello,
>>
>>I've encountered twice a strange problem on my Windows XP SP2 (fully
>>patched) box.
>>
>>I have 2 separate accounts on my personal system : Administrator (for
>>administrative tasks only) and simple user (for common everyday
>>tasks), for security and system integrity reasons.
>>
>>Today, being logged in the simple user account and having Windows
>>Media Player launched, I executed an installation executable file
>>(from Microsoft) as Administrator using "Execute as..." entry in the
>>contextual menu. The application was successfuly installed. Later, I
>>tried to close Windows Media Player, the window was closed but the
>>music was still playing. I looked in the Task Manager in order to
>>force quit WMP, but to my surprise the task (wmplayer.exe) did not
>>belong to me ("simple user"), but to Administrator (It's worth
>>mentioning that the Administrator account was not open at that moment
>>- as it is possible with User Fast Switching, so no other instance of
>>WMP was running.)
>>
>>This happened to me once before, with the same conditions (including
>>running an installation app using "Execute as..."), but I couldn't
>>reproduce the issue "manually".
>>
>>
>>Best regards,
>>
>>
>>-- 
>>Pif
>>
>>_________________________________________________________________
>>Ne cherchez plus, trouvez ! Avec le nouveau MSN Search.
>>http://search.msn.fr/
>>
>>_______________________________________________
>>Full-Disclosure - We believe in it.
>>Charter: http://lists.grok.org.uk/full-disclosure-charter.html
>>Hosted and sponsored by Secunia - http://secunia.com/
>>
>>    
>>
>
>Hello,
>
>are you sure you didn't launch wmplayer form the setup process (something
>like: start wmplayer when setup is complete).
>
>In this case it, wmplayer starts with the rights from setup.exe, which
>in your case is the
>admin account.
>
>Have anice day.
>
>Spencer
>
>
>
>_______________________________________________
>Full-Disclosure - We believe in it.
>Charter: http://lists.grok.org.uk/full-disclosure-charter.html
>Hosted and sponsored by Secunia - http://secunia.com/
>
>
>
>  
>

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ