Bugtraq mailing list archives
Symantec LiveState Agent for Windows vulnerability - Local Privilege Escalation
From: ss_team <ssteam.pl () gmail com>
Date: Mon, 4 Dec 2006 17:28:05 +0100
hello, we've found local privilege escalation in Symantec LiveState agent. PoC: 1. kill shstart.exe process 2. from symantec livestate agent icon in systray choose "Web Self-Service" 3. New browser window will open, it is running with SYSTEM privileges. tested on fully patched Win XP SP2, Symantec LiveState agent 7.1 Credits: marc & shb -- http://ssteam.ath.cx
Current thread:
- Symantec LiveState Agent for Windows vulnerability - Local Privilege Escalation ss_team (Dec 04)
- <Possible follow-ups>
- RE: Symantec LiveState Agent for Windows vulnerability - Local Privilege Escalation Michael Scheidell (Dec 05)
- Re: Symantec LiveState Agent for Windows vulnerability - Local Privilege Escalation eugeny gladkih (Dec 05)
- Re: Symantec LiveState Agent for Windows vulnerability - Local Privilege Escalation Steve Shockley (Dec 05)
- Re: Symantec LiveState Agent for Windows vulnerability - Local Privilege Escalation Ansgar -59cobalt- Wiechers (Dec 05)
- Re: Symantec LiveState Agent for Windows vulnerability - Local Privilege Escalation eugeny gladkih (Dec 05)
- Re: Symantec LiveState Agent for Windows vulnerability - Local Privilege Escalation Thor (Hammer of God) (Dec 05)
- RE: Symantec LiveState Agent for Windows vulnerability - Local Privilege Escalation Michael Scheidell (Dec 06)