Full Disclosure mailing list archives
::SPAM:: Re: Multiple WinXP kernel vulns can give user mode programs kernel mode privileges
From: 3APA3A <3APA3A () SECURITY NNOV RU>
Date: Thu, 19 Feb 2004 14:09:09 +0300
--- Begin Message ---
Dear first last,

--Thursday, February 19, 2004, 1:15:20 AM, you wrote to full-disclosure () lists netsys com:

fl> There exist several vulnerabilities in one of Windows XP kernel's native API
fl> functions which allow any user with the SeDebugPrivilege privilege to
fl> execute arbitrary code in kernel mode, and read from and write to any memory
fl> address, including kernel memory.

SeDebugPrivilege allows you to change the execution flow of any process or kill any process (for example, the security subsystem or any RPC server). This privilege is enough to compromise the system in a thousand ways by design. By default only Administrators have this privilege.

--
~/ZARAZA
Electric shocks are very useful for character building. (Lem)
--- End Message ---