| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <00fe01c5b34a$894e77a0$5525a8c0@sndai102589>
Date: Wed, 7 Sep 2005 09:21:56 +0800
From: "cy.wang" <wangchunying@...a.com>
To: "Jerome Athias" <jerome.athias@...e.fr>
Cc: full-disclosure@...ts.grok.org.uk, bugtraq@...urityfocus.com
Subject: Re: Microsoft Windows keybd_event
validation vulnerability
hi
what's the effect of this 'vulnerability' ?
it seems that messages can't be carried from a USER desktop to a prerogative desktop .
Regards,
c.y. wang
security analysis engineer
Shanda Interactive Entertainment Co. Ltd, Shanghai, China.
Phone: +86-21-50504740-5046
Email: wangchunying@...a.com
----- Original Message -----
From: "Jerome Athias" <jerome.athias@...e.fr>
To: "Frederic Charpentier" <fcharpen@...opartners.com>
Cc: <bugtraq@...urityfocus.com>; <full-disclosure@...ts.grok.org.uk>
Sent: Tuesday, September 06, 2005 7:20 PM
Subject: Re: [Full-disclosure] Microsoft Windows keybd_event validation vulnerability
> It was posted by Andres Tarasco to full-disclosure allready
>
> Additionaly:
>
> 1) french version of the advisory:
> http://www.athias.fr/alertes-bulletins-securite/20050905_Microsoft.Windows_Validation.keybd_event.html
>
> 2) I use to use this trick to obtain SYSTEM privileges with just ADMIN
> privileges:
>
> AT 20:00 /INTERACTIVE cmd.exe
>
> Cheers,
> /JA
>
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists