Full Disclosure mailing list archives
Microsoft Windows Live Messenger Live Call Local Privilege Escalation Vulnerability
From: "David Maciejak" <david.maciejak () gmail com>
Date: Sun, 19 Aug 2007 17:59:24 +0200
Hi, Playing around with privilege escalation I found that WLM 8.0, 8.1 and probably newer (since live call feature in fact) are vulnerable to a local privilege escalation issue. It's not a critical flaw. The problem occurs when livecall.exe process is launch. The first time, the user need to click on phone icon after that each time it connect back on WLM the livecall.exe process is autolaunch. Quotes must be missing when this process is launch through svchost.exe because it tries first to launch Program.exe file at root default windows drive. Then, to exploit this issue the malicious user need to have enough write permission on default root path and wait for a more privilege user to connect to the local WLM. I have contacted Microsoft Security Team about that on July 11 2007, for them "this does not appear to be a security vulnerability". I don't think a patch will be addressed soon. cheers, David Maciejak _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Current thread:
- Microsoft Windows Live Messenger Live Call Local Privilege Escalation Vulnerability David Maciejak (Aug 19)