| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Sun, 19 Aug 2007 17:59:24 +0200 From: "David Maciejak" <david.maciejak@...il.com> To: full-disclosure@...ts.grok.org.uk Subject: Microsoft Windows Live Messenger Live Call Local Privilege Escalation Vulnerability Hi, Playing around with privilege escalation I found that WLM 8.0, 8.1 and probably newer (since live call feature in fact) are vulnerable to a local privilege escalation issue. It's not a critical flaw. The problem occurs when livecall.exe process is launch. The first time, the user need to click on phone icon after that each time it connect back on WLM the livecall.exe process is autolaunch. Quotes must be missing when this process is launch through svchost.exe because it tries first to launch Program.exe file at root default windows drive. Then, to exploit this issue the malicious user need to have enough write permission on default root path and wait for a more privilege user to connect to the local WLM. I have contacted Microsoft Security Team about that on July 11 2007, for them "this does not appear to be a security vulnerability". I don't think a patch will be addressed soon. cheers, David Maciejak _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists