Home page logo
/

fulldisclosure logo Full Disclosure mailing list archives

Re: [Windows XP] possible privilege escalation
From: bkfsec <bkfsec () sdf lonestar org>
Date: Tue, 31 May 2005 17:22:02 -0400

Pif Gadget wrote:


are you sure you didn't launch wmplayer form the setup process (something
like: start wmplayer when setup is complete).


Hmm, the setup program (.exe which runs an .msi) installs a classic "annoying" developpement app (the other day it was some Microsoft Office suite product). I doubt it would launch WMP for any reason, if it's what you meant. To get rid of the doubt, I just retried the installation process being logged in as Admin, and nope, it didn't launch WMP.




Just guessing here, but is it possible that the setup program could have tried to take ownership of the running process in order to ensure that an installation started in this way would complete successfully?

I'm not sure precisely how this could be done or that it would have been done in this package, but it makes the most sense out of any scenario that I can think of.

In either case, I'm not sure that it's a privelege escalation per-se for the reason that it required you having the administrator account in the first place to be able to escalate the process' priveleges. Where that could be dangerous is if an administrator got tricked into running an executable that escalated the priveleges of a malicious program, but once you get them to run that type of code you've got other options available to you that will probably be easier to utilize. Not that I can't see this being used in nasty ways or anything...

            -Barry

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault