Open Source and information security mailing list archives
Date: Fri, 8 Jan 2021 10:31:06 +0000
From: bo0od <bo0od@...eup.net>
To: fulldisclosure@...lists.org
Subject: Re: [FD] Backdoor.Win32.Xtreme.yvp / Insecure Permissions EoP

When you say backdoor, do you mean a backdoor which Microsoft is using
remotely, or do you mean one that malware can take advantage of?

malvuln:
> Discovery / credits: malvuln - Malvuln.com (c) 2021
> Original source:
> https://malvuln.com/advisory/7bd93c10c9373cfc2bcc8eff712631f1.txt
> Contact: malvuln13@...il.com
> Media: twitter.com/malvuln
>
> Threat: Backdoor.Win32.Xtreme.yvp
> Vulnerability: Insecure Permissions EoP
> Description: Change permissions are granted to authenticated users,
> allowing privilege escalation.
> Type: PE32
> MD5: 7bd93c10c9373cfc2bcc8eff712631f1
> Vuln ID: MVID-2021-0017
> Dropped files: System.exe
> Disclosure: 01/08/2021
>
> Exploit/PoC:
> C:\>cacls C:\SystemG\System.exe
> C:\SystemG\System.exe BUILTIN\Administrators:(ID)F
>                       NT AUTHORITY\SYSTEM:(ID)F
>                       BUILTIN\Users:(ID)R
>                       NT AUTHORITY\Authenticated Users:(ID)C
>
>
> Disclaimer: The information contained within this advisory is supplied
> "as-is" with no warranties or guarantees of fitness of use or otherwise.
> Permission is hereby granted for the redistribution of this advisory,
> provided that it is not altered except by reformatting it, and that due
> credit is given. Permission is explicitly given for insertion in
> vulnerability databases and similar, provided that due credit is given to
> the author. The author is not responsible for any misuse of the information
> contained herein and accepts no responsibility for any damage caused by the
> use or misuse of this information. The author prohibits any malicious use
> of security related information or exploits by the author or elsewhere. Do
> not attempt to download Malware samples. The author of this website takes
> no responsibility for any kind of damages occurring from improper Malware
> handling or the downloading of ANY Malware mentioned on this website or
> elsewhere. All content Copyright (c) Malvuln.com (TM).
>
> _______________________________________________
> Sent through the Full Disclosure mailing list
> https://nmap.org/mailman/listinfo/fulldisclosure
> Web Archives & RSS: http://seclists.org/fulldisclosure/
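
Added example (not part of the original post or of the malvuln advisory): a Python audit helper that parses `cacls` output such as the listing quoted above and flags write-capable ACEs held by broad groups. The function names and the `BROAD` principal set are assumptions made for this illustration.

```python
import re

# Constructed sample: the cacls listing from the quoted advisory, one ACE per line.
SAMPLE = r"""C:\SystemG\System.exe BUILTIN\Administrators:(ID)F
                      NT AUTHORITY\SYSTEM:(ID)F
                      BUILTIN\Users:(ID)R
                      NT AUTHORITY\Authenticated Users:(ID)C
"""

# cacls simple rights: N none, R read, W write, C change (write), F full control.
WRITE_RIGHTS = {"W", "C", "F"}
# Assumption: principals treated as "any ordinary local user" for this audit.
BROAD = {"everyone", "builtin\\users", "nt authority\\interactive",
         "nt authority\\authenticated users"}

# principal ":" optional flags such as (ID)(OI)(CI) then one simple-right letter
ACE_RE = re.compile(r"^(?P<who>.+?):(?P<flags>(?:\([A-Z]+\))*)(?P<right>[NRWCF])$")

def parse_cacls(path, text):
    """Return (aces, unparsed) for cacls output describing one file.

    The queried path is passed in because both paths and principal names
    may contain spaces, so the first line cannot be split reliably.
    """
    aces, unparsed = [], []
    for raw in text.splitlines():
        line = raw.strip()
        if line.lower().startswith(path.lower()):
            line = line[len(path):].strip()
        if not line:
            continue
        m = ACE_RE.match(line)
        if m:
            flags = re.findall(r"\(([A-Z]+)\)", m["flags"])
            aces.append((m["who"], flags, m["right"]))
        else:
            # e.g. "(special access:)" blocks: surface them, never drop silently
            unparsed.append(line)
    return aces, unparsed

def risky_aces(aces):
    """ACEs that let a broad group modify or replace the file."""
    return [(who, right) for who, _flags, right in aces
            if who.lower() in BROAD and right in WRITE_RIGHTS]

if __name__ == "__main__":
    parsed, leftover = parse_cacls(r"C:\SystemG\System.exe", SAMPLE)
    for who, right in risky_aces(parsed):
        print(f"writable by broad group: {who} ({right})")
    print("lines needing manual review:", leftover)
```

The `(ID)` flag marks each entry as inherited, so the correction belongs on the ACL of the containing folder rather than on the file alone.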