Home page logo
/

bugtraq logo Bugtraq mailing list archives

RE: Symantec LiveState Agent for Windows vulnerability - Local Privilege Escalation
From: "Michael Scheidell" <scheidell () secnap net>
Date: Wed, 6 Dec 2006 08:23:18 -0500


-----Original Message-----
From: lucretias [mailto:lucretias () shaw ca] 
Sent: Wednesday, December 06, 2006 7:56 AM
To: Michael Scheidell
Subject: RE: Symantec LiveState Agent for Windows 
vulnerability - Local Privilege Escalation
I think the issue is the process does not return in it's 
previous sandbox.

So, do this, poc:

Log on to local machine as administrator.


Use IE:

BANG, you are using IE with elevated privledges.

This is stupid, and anyone who doesn't see how stupid this is isn't
listening.

Last free clue to anyone: if you don't understand this, and think this
is a security violation or if you think symantec needs to fix this, you
need to find a different job.  You will be chasing dragons when there is
real work to do.


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]