lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <46C88DA5.1000403@gmail.com>
Date: Sun, 19 Aug 2007 20:36:21 +0200
From: monikerd <monikerd@...il.com>
To: David Maciejak <david.maciejak@...il.com>
Cc: full-disclosure@...ts.grok.org.uk
Subject: Re: Microsoft Windows Live Messenger Live Call
 Local	Privilege Escalation Vulnerability

David Maciejak wrote:
> Hi,
>
> Playing around with privilege escalation I found that WLM 8.0, 8.1 and
> probably newer (since live call feature in fact) are vulnerable to a local
> privilege escalation issue. It's not a critical flaw.
> The problem occurs when livecall.exe process is launch.
> The first time, the user need to click on phone icon after that each time
> it connect back on WLM the livecall.exe process is autolaunch.
> Quotes must be missing when this process is launch through svchost.exe
> because it tries first to launch Program.exe file at root default windows drive.
> Then, to exploit this issue the malicious user need to have enough write
> permission on default root path and wait for a more privilege user to
> connect to the local WLM.
>
>   
Wow, you might need to take the time to put that sequence of words into
sentences. Using punctuation, capital letters, and structure:-)

Basically what I analyze, is that if you have the rights to replace a file
with an *evil* exe it would get executed by somebody else.

The real issue is, if there is in fact a privilege mismatch?

> I have contacted Microsoft Security Team about that on July 11 2007,
> for them "this does not appear to be a security vulnerability". I
> don't think a patch will be addressed soon.
>
> cheers,
> David Maciejak
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/
>
>   

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ