Date: Fri, 8 Jan 2021 10:31:06 +0000
From: bo0od <>
Subject: Re: [FD] Backdoor.Win32.Xtreme.yvp / Insecure Permissions EoP

When you say backdoor, do you mean a backdoor which Microsoft is remotely
using, or do you mean one that malware can take advantage of?

> Discovery / credits: malvuln - (c) 2021
> Original source:
> Contact:
> Media:
> Threat: Backdoor.Win32.Xtreme.yvp
> Vulnerability: Insecure Permissions EoP
> Description: Change permissions are granted to authenticated users,
> allowing privilege escalation.
> Type: PE32
> MD5: 7bd93c10c9373cfc2bcc8eff712631f1
> Vuln ID: MVID-2021-0017
> Dropped files: System.exe
> Disclosure: 01/08/2021
> Exploit/PoC:
> C:\>cacls C:\SystemG\System.exe
> C:\SystemG\System.exe BUILTIN\Administrators:(ID)F
>                        NT AUTHORITY\SYSTEM:(ID)F
>                        BUILTIN\Users:(ID)R
>                        NT AUTHORITY\Authenticated Users:(ID)C
> Disclaimer: The information contained within this advisory is supplied
> "as-is" with no warranties or guarantees of fitness of use or otherwise.
> Permission is hereby granted for the redistribution of this advisory,
> provided that it is not altered except by reformatting it, and that due
> credit is given. Permission is explicitly given for insertion in
> vulnerability databases and similar, provided that due credit is given to
> the author. The author is not responsible for any misuse of the information
> contained herein and accepts no responsibility for any damage caused by the
> use or misuse of this information. The author prohibits any malicious use
> of security related information or exploits by the author or elsewhere. Do
> not attempt to download Malware samples. The author of this website takes
> no responsibility for any kind of damages occurring from improper Malware
> handling or the downloading of ANY Malware mentioned on this website or
> elsewhere. All content Copyright (c) (TM).
> _______________________________________________
> Sent through the Full Disclosure mailing list
> Web Archives & RSS:
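
An added example, not part of the original post or the quoted advisory: a Python check that parses `cacls` output like the listing quoted above and reports principals outside a trusted set that hold write (W), change (C) or full-control (F) access to the file. The `TRUSTED` set and the function names are assumptions made for this example; the sample input is the listing from the advisory.

```python
import re

# cacls access letters: N none, R read, W write, C change (write), F full control
WRITE_RIGHTS = {"W", "C", "F"}

# Assumption: principals that are expected to hold write access to a program file.
TRUSTED = {
    "builtin\\administrators",
    "nt authority\\system",
    "nt service\\trustedinstaller",
}

# One ACE per line: principal, optional flags such as (ID)(OI)(CI), then the access letter.
ACE_RE = re.compile(r"^(?P<who>[^:]+):(?P<flags>(?:\([A-Z]+\))*)(?P<right>[NRWCF])$")


def parse_cacls(path, output):
    """Return (principal, flags, right) for each simple ACE line of cacls output."""
    aces = []
    for line in output.splitlines():
        line = line.strip()
        if line.lower().startswith(path.lower()):
            line = line[len(path):].strip()  # first line is prefixed with the file name
        m = ACE_RE.match(line)  # lines in any other form (e.g. special access) are skipped
        if m:
            aces.append((m["who"], m["flags"], m["right"]))
    return aces


def weak_aces(path, output):
    """ACEs that let a principal outside TRUSTED modify or replace the file."""
    return [(who, right) for who, flags, right in parse_cacls(path, output)
            if right in WRITE_RIGHTS
            and "(DENY)" not in flags  # a deny entry grants nothing
            and who.lower() not in TRUSTED]


# cacls listing as quoted in the advisory above
SAMPLE_PATH = r"C:\SystemG\System.exe"
SAMPLE = r"""
C:\SystemG\System.exe BUILTIN\Administrators:(ID)F
                       NT AUTHORITY\SYSTEM:(ID)F
                       BUILTIN\Users:(ID)R
                       NT AUTHORITY\Authenticated Users:(ID)C
"""

if __name__ == "__main__":
    for who, right in weak_aces(SAMPLE_PATH, SAMPLE):
        print(f"{SAMPLE_PATH}: {who} holds '{right}' (can modify the file)")
```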
