Privilege escalation flaw in MDaemon 7.2.

To: bugtraq@xxxxxxxxxxxxxxxxx
Subject: Privilege escalation flaw in MDaemon 7.2.
From: Reed Arvin <reedarvin@xxxxxxxxx>
Date: 29 Nov 2004 15:46:01 -0000
List-help: <mailto:bugtraq-help@securityfocus.com>
List-id: <bugtraq.list-id.securityfocus.com>
List-post: <mailto:bugtraq@securityfocus.com>
List-subscribe: <mailto:bugtraq-subscribe@securityfocus.com>
List-unsubscribe: <mailto:bugtraq-unsubscribe@securityfocus.com>
Mailing-list: contact bugtraq-help@xxxxxxxxxxxxxxxxx; run by ezmlm


Summary:
A privilege escalation flaw exists in MDaemon 7.2 (http://www.mdaemon.com).

Details:
A privilege escalation technique can be used to gain SYSTEM level access while 
interacting with the MDaemon tray icon.

Vulnerable Versions:
MDaemon 7.2

Solutions:
The vendor was notified of the issue. There was no response.

Exploit:
1. Double click on the mail icon in the Taskbar to open the Alt-N MDaemon Pro 
window.
2. Click File, click New
3. Notepad should open.  In Notepad click File, click Open
4. In the Files of type: field choose All Files
5. Navagate to %WINDIR%\System32\
6. Right click cmd.exe and choose Open
7. A new command shell will open with SYSTEM privileges

Discovered by Reed Arvin reedarvin[at]gmail[dot]com

Follow-Ups:
- Re: Privilege escalation flaw in MDaemon 7.2.
  - From: kf_lists

Prev by Date: Address Bar Spoofing on Double Byte Character Set Locale Vulnerability (CAN-2004-0844) Patched in MS04-038
Next by Date: Password Disclosure for SMB Shares in KDE's Konqueror
Previous by thread: Address Bar Spoofing on Double Byte Character Set Locale Vulnerability (CAN-2004-0844) Patched in MS04-038
Next by thread: Re: Privilege escalation flaw in MDaemon 7.2.
Index(es):
- Date
- Thread