Bugtraq mailing list archives
RE: Symantec LiveState Agent for Windows vulnerability - Local Privilege Escalation
From: "Michael Scheidell" <scheidell () secnap net>
Date: Wed, 6 Dec 2006 08:23:18 -0500
-----Original Message----- From: lucretias [mailto:lucretias () shaw ca] Sent: Wednesday, December 06, 2006 7:56 AM To: Michael Scheidell Subject: RE: Symantec LiveState Agent for Windows vulnerability - Local Privilege Escalation I think the issue is the process does not return in it's previous sandbox.
So, do this, poc: Log on to local machine as administrator. Use IE: BANG, you are using IE with elevated privledges. This is stupid, and anyone who doesn't see how stupid this is isn't listening. Last free clue to anyone: if you don't understand this, and think this is a security violation or if you think symantec needs to fix this, you need to find a different job. You will be chasing dragons when there is real work to do.
Current thread:
- Symantec LiveState Agent for Windows vulnerability - Local Privilege Escalation ss_team (Dec 04)
- <Possible follow-ups>
- RE: Symantec LiveState Agent for Windows vulnerability - Local Privilege Escalation Michael Scheidell (Dec 05)
- Re: Symantec LiveState Agent for Windows vulnerability - Local Privilege Escalation eugeny gladkih (Dec 05)
- Re: Symantec LiveState Agent for Windows vulnerability - Local Privilege Escalation Steve Shockley (Dec 05)
- Re: Symantec LiveState Agent for Windows vulnerability - Local Privilege Escalation Ansgar -59cobalt- Wiechers (Dec 05)
- Re: Symantec LiveState Agent for Windows vulnerability - Local Privilege Escalation eugeny gladkih (Dec 05)
- Re: Symantec LiveState Agent for Windows vulnerability - Local Privilege Escalation Thor (Hammer of God) (Dec 05)
- RE: Symantec LiveState Agent for Windows vulnerability - Local Privilege Escalation Michael Scheidell (Dec 06)