David Maciejak wrote: > Hi, > > Playing around with privilege escalation I found that WLM 8.0, 8.1 and > probably newer (since live call feature in fact) are vulnerable to a local > privilege escalation issue. It's not a critical flaw. > The problem occurs when livecall.exe process is launch. > The first time, the user need to click on phone icon after that each time > it connect back on WLM the livecall.exe process is autolaunch. > Quotes must be missing when this process is launch through svchost.exe > because it tries first to launch Program.exe file at root default windows > drive. > Then, to exploit this issue the malicious user need to have enough write > permission on default root path and wait for a more privilege user to > connect to the local WLM. > > Wow, you might need to take the time to put that sequence of words into sentences. Using punctuation, capital letters, and structure:-)
Basically what I analyze, is that if you have the rights to replace a file with an *evil* exe it would get executed by somebody else. The real issue is, if there is in fact a privilege mismatch? > I have contacted Microsoft Security Team about that on July 11 2007, > for them "this does not appear to be a security vulnerability". I > don't think a patch will be addressed soon. > > cheers, > David Maciejak > > _______________________________________________ > Full-Disclosure - We believe in it. > Charter: http://lists.grok.org.uk/full-disclosure-charter.html > Hosted and sponsored by Secunia - http://secunia.com/ > > _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
