[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Message-ID: <42A6A5B6.6070605@digitalmunition.com>
Date: Wed Jun 8 05:03:21 2005
From: kf_lists at digitalmunition.com (KF (lists))
Subject: [Windows XP] possible privilege escalation
Would this possibly have anything to do with MSIEXEC.exe (that is off
the top of my head) running as system? I have occasionally seen this
process chilling out running as SYSTEM.
-KF
NSC wrote:
>Pif Gadget a ?crit :
>
>
>
>>Hello,
>>
>>I've encountered twice a strange problem on my Windows XP SP2 (fully
>>patched) box.
>>
>>I have 2 separate accounts on my personal system : Administrator (for
>>administrative tasks only) and simple user (for common everyday
>>tasks), for security and system integrity reasons.
>>
>>Today, being logged in the simple user account and having Windows
>>Media Player launched, I executed an installation executable file
>>(from Microsoft) as Administrator using "Execute as..." entry in the
>>contextual menu. The application was successfuly installed. Later, I
>>tried to close Windows Media Player, the window was closed but the
>>music was still playing. I looked in the Task Manager in order to
>>force quit WMP, but to my surprise the task (wmplayer.exe) did not
>>belong to me ("simple user"), but to Administrator (It's worth
>>mentioning that the Administrator account was not open at that moment
>>- as it is possible with User Fast Switching, so no other instance of
>>WMP was running.)
>>
>>This happened to me once before, with the same conditions (including
>>running an installation app using "Execute as..."), but I couldn't
>>reproduce the issue "manually".
>>
>>
>>Best regards,
>>
>>
>>--
>>Pif
>>
>>_________________________________________________________________
>>Ne cherchez plus, trouvez ! Avec le nouveau MSN Search.
>>http://search.msn.fr/
>>
>>_______________________________________________
>>Full-Disclosure - We believe in it.
>>Charter: http://lists.grok.org.uk/full-disclosure-charter.html
>>Hosted and sponsored by Secunia - http://secunia.com/
>>
>>
>>
>
>Hello,
>
>are you sure you didn't launch wmplayer form the setup process (something
>like: start wmplayer when setup is complete).
>
>In this case it, wmplayer starts with the rights from setup.exe, which
>in your case is the
>admin account.
>
>Have anice day.
>
>Spencer
>
>
>
>_______________________________________________
>Full-Disclosure - We believe in it.
>Charter: http://lists.grok.org.uk/full-disclosure-charter.html
>Hosted and sponsored by Secunia - http://secunia.com/
>
>
>
>
>
Powered by blists - more mailing lists