RE: Symantec LiveState Agent for Windows vulnerability - Local Privilege Escalation

To: "ss_team" <ssteam.pl@xxxxxxxxx>, <bugtraq@xxxxxxxxxxxxxxxxx>
Subject: RE: Symantec LiveState Agent for Windows vulnerability - Local Privilege Escalation
From: "Michael Scheidell" <scheidell@xxxxxxxxxx>
Date: Tue, 5 Dec 2006 07:40:59 -0500
Cc: <security@xxxxxxxxxxxx>
List-help: <mailto:bugtraq-help@securityfocus.com>
List-id: <bugtraq.list-id.securityfocus.com>
List-post: <mailto:bugtraq@securityfocus.com>
List-subscribe: <mailto:bugtraq-subscribe@securityfocus.com>
List-unsubscribe: <mailto:bugtraq-unsubscribe@securityfocus.com>
Mailing-list: contact bugtraq-help@xxxxxxxxxxxxxxxxx; run by ezmlm
Thread-index: AccX+73iS3Jp+mo2RYC/mEU5snhOkwAbsRHg
Thread-topic: Symantec LiveState Agent for Windows vulnerability - Local Privilege Escalation

> -----Original Message-----
> From: ss_team [mailto:ssteam.pl@xxxxxxxxx] 
> Sent: Monday, December 04, 2006 11:28 AM
> To: bugtraq@xxxxxxxxxxxxxxxxx
> Subject: Symantec LiveState Agent for Windows vulnerability - 
> Local Privilege Escalation
> 
> 
> hello,
> 
> we've found local privilege escalation in Symantec LiveState agent.
> 
> PoC:
> 
> 1. kill shstart.exe process

Wouldn't you have to be administrator to kill shstart.exe?


> 2. from symantec livestate agent icon in systray choose "Web 
> Self-Service"
> 3. New browser window will open, it is running with SYSTEM privileges.
> 
> tested on fully patched Win XP SP2, Symantec LiveState agent 7.1
> 
> 
> Credits: marc & shb
> 
> 
> -- 
> http://ssteam.ath.cx
>

Follow-Ups:
- Re: Symantec LiveState Agent for Windows vulnerability - Local Privilege Escalation
  - From: eugeny gladkih

Prev by Date: Re: Evolve Merchant[ injection sql ]
Next by Date: URL Rdirecction Bug Yahoo
Previous by thread: Symantec LiveState Agent for Windows vulnerability - Local Privilege Escalation
Next by thread: Re: Symantec LiveState Agent for Windows vulnerability - Local Privilege Escalation
Index(es):
- Date
- Thread