lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Date: Sun, 19 Aug 2007 22:45:21 +0200 From: "David Maciejak" <david.maciejak@...il.com> To: monikerd <monikerd@...il.com> Cc: full-disclosure@...ts.grok.org.uk Subject: Re: Microsoft Windows Live Messenger Live Call Local Privilege Escalation Vulnerability > David Maciejak wrote: > > Hi, > > > > Playing around with privilege escalation I found that WLM 8.0, 8.1 and > > probably newer (since live call feature in fact) are vulnerable to a local > > privilege escalation issue. It's not a critical flaw. > > The problem occurs when livecall.exe process is launch. > > The first time, the user need to click on phone icon after that each time > > it connect back on WLM the livecall.exe process is autolaunch. > > Quotes must be missing when this process is launch through svchost.exe > > because it tries first to launch Program.exe file at root default windows drive. > > Then, to exploit this issue the malicious user need to have enough write > > permission on default root path and wait for a more privilege user to > > connect to the local WLM. > > > > > Wow, you might need to take the time to put that sequence of words into > sentences. Using punctuation, capital letters, and structure:-) Sorry I write it too quickly :) > Basically what I analyze, is that if you have the rights to replace a file > with an *evil* exe it would get executed by somebody else. > > The real issue is, if there is in fact a privilege mismatch? As you said any program can be execute just by writing it as Program.exe. david maciejak > > > I have contacted Microsoft Security Team about that on July 11 2007, > > for them "this does not appear to be a security vulnerability". I > > don't think a patch will be addressed soon. > > > > cheers, > > David Maciejak > > > > _______________________________________________ > > Full-Disclosure - We believe in it. > > Charter: http://lists.grok.org.uk/full-disclosure-charter.html > > Hosted and sponsored by Secunia - http://secunia.com/ > > > > > > _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists