Full Disclosure mailing list archives
Re: Microsoft Windows Live Messenger Live Call Local Privilege Escalation Vulnerability
From: "David Maciejak" <david.maciejak () gmail com>
Date: Sun, 19 Aug 2007 22:45:21 +0200
David Maciejak wrote:Hi, Playing around with privilege escalation I found that WLM 8.0, 8.1 and probably newer (since live call feature in fact) are vulnerable to a local privilege escalation issue. It's not a critical flaw. The problem occurs when livecall.exe process is launch. The first time, the user need to click on phone icon after that each time it connect back on WLM the livecall.exe process is autolaunch. Quotes must be missing when this process is launch through svchost.exe because it tries first to launch Program.exe file at root default windows drive. Then, to exploit this issue the malicious user need to have enough write permission on default root path and wait for a more privilege user to connect to the local WLM.Wow, you might need to take the time to put that sequence of words into sentences. Using punctuation, capital letters, and structure:-)
Sorry I write it too quickly :)
Basically what I analyze, is that if you have the rights to replace a file with an *evil* exe it would get executed by somebody else. The real issue is, if there is in fact a privilege mismatch?
As you said any program can be execute just by writing it as Program.exe. david maciejak
I have contacted Microsoft Security Team about that on July 11 2007, for them "this does not appear to be a security vulnerability". I don't think a patch will be addressed soon. cheers, David Maciejak _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Current thread:
- Microsoft Windows Live Messenger Live Call Local Privilege Escalation Vulnerability David Maciejak (Aug 19)
- Re: Microsoft Windows Live Messenger Live Call Local Privilege Escalation Vulnerability monikerd (Aug 19)
- Re: Microsoft Windows Live Messenger Live Call Local Privilege Escalation Vulnerability David Maciejak (Aug 19)
- Re: Microsoft Windows Live Messenger Live Call Local Privilege Escalation Vulnerability monikerd (Aug 19)