[<prev] [next>] [day] [month] [year] [list]
Message-ID: <3215884919EC49D393A1729D31B2D96A@localhost>
Date: Thu, 9 May 2013 01:03:16 +0200
From: "Stefan Kanthak" <stefan.kanthak@...go.de>
To: <bugtraq@...urityfocus.com>
Cc: <full-disclosure@...ts.grok.org.uk>
Subject: Re: Vulnerabilities in Windows 8 Professional x64 factory preinstallation of Fujitsu Lifebook A512 [continued]
On Sunday, May 05, 2013 10:13 PM I wrote:
> Hi @ll,
>
> Fujitsus <http://www.fsc-pc.de/> factory preinstallation (as
> found on a Fujitsu Lifebook A512 purchased a month ago) of
> Windows 8 Professional x64 (I'm VERY confident that other
> variants of Fujitsu's Windows 8 factory installation are just
> the like) has the following vulnerabilities which can lead to
> code execution in the context of the LocalSystem account.
>
>
> A. Command lines with unquoted paths containing spaces:
[...]
and missed some more REALLY nice vulnerabilities (just like the one
Microsoft fixed with <https://support.microsoft.com/kb/2781197>
alias <http://technet.microsoft.com/security/bulletin/ms13-034>,
which of course is present too).
A.6: TWO vulnerabilities in the preinstalled services from Fujitsu:
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\PFNService]
"ImagePath"=expand:"C:\\Program Files\\Fujitsu\\Plugfree NETWORK\\PFNService.exe"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\PowerSavingUtilityService]
"ImagePath"=expand:"C:\\Program Files\\Fujitsu\\PSUtility\\PSUService.exe"
A.7: SIX vulnerabilities in the preinstalled services from Intel:
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\AMPPALR3]
"ImagePath"=expand:"C:\\Program Files\\Intel\\BluetoothHS\\BTHSAmpPalService.exe"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EvtEng]
"ImagePath"=expand:"C:\\Program Files\\Intel\\WiFi\\bin\\EvtEng.exe"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\jhi_service]
"ImagePath"=expand:"C:\\Program Files (x86)\\Intel\\Intel(R) Management Engine Components\\DAL\\jhi_service.exe"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\LMS]
"ImagePath"=expand:"C:\\Program Files (x86)\\Intel\\Intel(R) Management Engine Components\\LMS\\LMS.exe"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MyWiFiDHCPDNS]
"ImagePath"=expand:"C:\\Program Files\\Intel\WiFi\\bin\\PanDhcpDns.exe"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RegSrvc]
"ImagePath"=expand:"C:\\Program Files\\Common Files\\Intel\\WirelessCommon\RegSrvc.exe"
JFTR: two other services of Intel don't show this vulnerability!
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BTHSSecurityMgr]
"ImagePath"=expand:"""C:\\Program Files\\Intel\\BluetoothHS\\BTHSSecurityMgr.exe"""
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\UNS]
"ImagePath"=expand:"""C:\\Program Files (x86)\\Intel\\Intel(R) Management Engine Components\\UNS\\UNS.exe"""
Stefan Kanthak
Powered by blists - more mailing lists