Re: Symantec LiveState Agent for Windows vulnerability - Local Privilege Escalation

To: bugtraq@xxxxxxxxxxxxxxxxx
Subject: Re: Symantec LiveState Agent for Windows vulnerability - Local Privilege Escalation
From: Steve Shockley <steve.shockley@xxxxxxxxxxxx>
Date: Tue, 05 Dec 2006 14:55:51 -0500
In-reply-to: <87r6veqhk2.fsf@xxxxxxxxxx>
List-help: <mailto:bugtraq-help@securityfocus.com>
List-id: <bugtraq.list-id.securityfocus.com>
List-post: <mailto:bugtraq@securityfocus.com>
List-subscribe: <mailto:bugtraq-subscribe@securityfocus.com>
List-unsubscribe: <mailto:bugtraq-unsubscribe@securityfocus.com>
Mailing-list: contact bugtraq-help@xxxxxxxxxxxxxxxxx; run by ezmlm
References: <B3BCAF4246A8A84983A80DAB50FE72427DE3F5@xxxxxxxxxxxxxxxxxx> <87r6veqhk2.fsf@xxxxxxxxxx>
User-agent: Thunderbird 3.0a1 (Windows/20061113)

eugeny gladkih wrote:

"MS" == Michael Scheidell <scheidell@xxxxxxxxxx> writes:

 >> 1. kill shstart.exe process

 MS> Wouldn't you have to be administrator to kill shstart.exe?

LocalSystem account has more privilegies then administrator's one.


If you've already got Administrator, you can just run

at <time> /interactive "cmd.exe"

and get a shell as SYSTEM.

References:
- RE: Symantec LiveState Agent for Windows vulnerability - Local Privilege Escalation
  - From: Michael Scheidell
- Re: Symantec LiveState Agent for Windows vulnerability - Local Privilege Escalation
  - From: eugeny gladkih