Full Disclosure mailing list archives

Re: EEYE: Windows VDM #UD Local Privilege Escalation


From: Barry Fitzgerald <bkfsec () sdf lonestar org>
Date: Wed, 13 Oct 2004 10:50:49 -0400

KF_lists wrote:

ISS would like to have you believe otherwise... when I contacted them about the Local SYSTEM escalation in BlackICE we went in circles over the fact that I feel that taking local SYSTEM on a win32 box IS a problem and they don't. They tried to say some crap like "in all our years in the industry we have never had a customer state that local windows security was a concern... blah blah (paraphrasing)". And something along the lines of "Windows is not a true multi-user system (like unix) so local escalation means nothing."

-KF


*feigned look of surprise*

Then how do they explain trojan horses, adware, and spyware?!?

         -Barry
