Bugtraq mailing list archives

Local Privilege Escalation Vulnerabilities in Lotus Notes Client


From: kochetkov.vladimir () gmail com
Date: 22 Aug 2007 10:25:28 -0000

Local Privilege Escalation Through Default ntmulti.exe File Permissions

Unprivileged users can execute arbitrary programs that run with the privileges of the LocalSystem account by replacing 
the Multi-user Cleanup Service executable with arbitrary executables. This vulnerability exists because the default 
file permissions assigned during installation to ntmulti.exe (the executable for the Multi-user Cleanup Service) allow 
unprivileged, interactive users to replace ntmulti.exe with any file.

Because the Multi-user Cleanup Service is a Windows service running with LocalSystem privileges, unprivileged users can 
easily elevate their privileges.
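
An audit for the condition described above, added here as an example and not part of the original advisory: it lists LocalSystem services whose executable file grants write-type access to unprivileged groups, which covers ntmulti.exe and generalizes to any other service binary. The function names and the choice of which well-known SIDs count as unprivileged are assumptions.

```powershell
# Principals treated as unprivileged (assumption; extend for local policy).
$lowPriv = @(
    'S-1-1-0',       # Everyone
    'S-1-5-4',       # INTERACTIVE
    'S-1-5-11',      # Authenticated Users
    'S-1-5-32-545'   # BUILTIN\Users
)

# Rights that allow replacing the file or rewriting its ACL, plus the
# GENERIC_WRITE (0x40000000) and GENERIC_ALL (0x10000000) bits.
$fsr = [System.Security.AccessControl.FileSystemRights]
$writeMask = [int]($fsr::WriteData -bor $fsr::AppendData -bor $fsr::Delete -bor
    $fsr::ChangePermissions -bor $fsr::TakeOwnership) -bor 0x40000000 -bor 0x10000000

function Get-ServiceBinaryPath {
    param([string]$PathName)
    # Win32_Service.PathName may be quoted and may carry arguments.
    if ($PathName -match '^\s*"([^"]+)"')        { return $Matches[1] }
    if ($PathName -match '^\s*(.+?\.exe)(\s|$)') { return $Matches[1] }
    return $null
}

function Get-WeakFileAce {
    param([string]$Path)
    $sidType = [System.Security.Principal.SecurityIdentifier]
    $rules = (Get-Acl -LiteralPath $Path).GetAccessRules($true, $true, $sidType)
    foreach ($ace in $rules) {
        if ($ace.AccessControlType -ne 'Allow') { continue }
        if ($lowPriv -notcontains $ace.IdentityReference.Value) { continue }
        if (([int]$ace.FileSystemRights -band $writeMask) -ne 0) { $ace }
    }
}

# Report every LocalSystem service whose binary an unprivileged group can modify.
Get-CimInstance Win32_Service | Where-Object { $_.StartName -eq 'LocalSystem' } |
    ForEach-Object {
        $svc = $_
        $bin = Get-ServiceBinaryPath $svc.PathName
        if ($bin -and (Test-Path -LiteralPath $bin -PathType Leaf)) {
            Get-WeakFileAce -Path $bin | ForEach-Object {
                [pscustomobject]@{
                    Service   = $svc.Name
                    Binary    = $bin
                    Principal = $_.IdentityReference.Value
                    Rights    = $_.FileSystemRights
                }
            }
        }
    }
```

An empty result means no audited service binary carries such an entry; any row for ntmulti.exe indicates the default permissions described in the advisory are still in place.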

