Bugtraq mailing list archives

Previous By Date Next
Previous By Thread Next

RE: Windows Vista Power Management & Local Security Policy

From: Jim Harrison <Jim () isatools org>
Date: Tue, 22 Jul 2008 12:46:43 -0700
You can't waste your time chasing things that "might lead to cats & dogs living together in sin".  Specifically, 
there's no "privilege escalation" beyond that which began with "if I install..."  It's pretty well understood that once 
you have the ability to place your own code on a machine, it's "game over".

Don'tet me wrong; I think it's quite valid for someone to report something they feel is a vuln; even (or maybe even 
especially) if they can't demonstrate an exploit based on it.  There have been plenty of reports herein and without 
that were actually proven by others.  This is one of the things that makes open discussion so valuable.

So far, no one has demonstrated an exploit that depends on this behavior _alone_.

Jim

________________________________________
From: James C. Slora Jr. [james.slora () phra com]
Sent: Tuesday, July 22, 2008 8:15 AM
To: bugtraq () securityfocus com
Subject: RE: Windows Vista Power Management & Local Security Policy

So is this the bottom line?

This is a security mechanism bug that might lead to privilege escalation
for arbitrary user processes. The OP has left it for others to determine
exploitability.
Previous By Date Next
Previous By Thread Next

Current thread: