mailing list archives
RE: Symantec LiveState Agent for Windows vulnerability - Local Privilege Escalation
From: "Michael Scheidell" <scheidell () secnap net>
Date: Wed, 6 Dec 2006 08:23:18 -0500
From: lucretias [mailto:lucretias () shaw ca]
Sent: Wednesday, December 06, 2006 7:56 AM
To: Michael Scheidell
Subject: RE: Symantec LiveState Agent for Windows
vulnerability - Local Privilege Escalation
I think the issue is the process does not return in it's
So, do this, poc:
Log on to local machine as administrator.
BANG, you are using IE with elevated privledges.
This is stupid, and anyone who doesn't see how stupid this is isn't
Last free clue to anyone: if you don't understand this, and think this
is a security violation or if you think symantec needs to fix this, you
need to find a different job. You will be chasing dragons when there is
real work to do.