<<< Date Index >>>     <<< Thread Index >>>

Re: Symantec LiveState Agent for Windows vulnerability - Local Privilege Escalation



>>>>> "MS" == Michael Scheidell <scheidell@xxxxxxxxxx> writes:

 >> we've found local privilege escalation in Symantec LiveState agent.
 >> 
 >> PoC:
 >> 
 >> 1. kill shstart.exe process

 MS> Wouldn't you have to be administrator to kill shstart.exe?

LocalSystem account has more privilegies then administrator's one.

-- 
Yours sincerely, Eugeny.
Doctor Web, Ltd. http://www.drweb.com