RE: Symantec LiveState Agent for Windows vulnerability - Local Privilege Escalation

To: "lucretias" <lucretias@xxxxxxx>
Subject: RE: Symantec LiveState Agent for Windows vulnerability - Local Privilege Escalation
From: "Michael Scheidell" <scheidell@xxxxxxxxxx>
Date: Wed, 6 Dec 2006 08:23:18 -0500
Cc: <bugtraq@xxxxxxxxxxxxxxxxx>
List-help: <mailto:bugtraq-help@securityfocus.com>
List-id: <bugtraq.list-id.securityfocus.com>
List-post: <mailto:bugtraq@securityfocus.com>
List-subscribe: <mailto:bugtraq-subscribe@securityfocus.com>
List-unsubscribe: <mailto:bugtraq-unsubscribe@securityfocus.com>
Mailing-list: contact bugtraq-help@xxxxxxxxxxxxxxxxx; run by ezmlm
Thread-index: AccX+73iS3Jp+mo2RYC/mEU5snhOkwAbsRHgADK/agAAAPb/UA==
Thread-topic: Symantec LiveState Agent for Windows vulnerability - Local Privilege Escalation

> -----Original Message-----
> From: lucretias [mailto:lucretias@xxxxxxx] 
> Sent: Wednesday, December 06, 2006 7:56 AM
> To: Michael Scheidell
> Subject: RE: Symantec LiveState Agent for Windows 
> vulnerability - Local Privilege Escalation
> I think the issue is the process does not return in it's 
> previous sandbox.

So, do this, poc:

Log on to local machine as administrator.


Use IE:

BANG, you are using IE with elevated privledges.

This is stupid, and anyone who doesn't see how stupid this is isn't
listening.

Last free clue to anyone: if you don't understand this, and think this
is a security violation or if you think symantec needs to fix this, you
need to find a different job.  You will be chasing dragons when there is
real work to do.

Prev by Date: BTSaveMySql 1.2 (acces to config files)
Next by Date: Multiple Vendor Unusual MIME Encoding Content Filter Bypass
Previous by thread: Re: Symantec LiveState Agent for Windows vulnerability - Local Privilege Escalation
Next by thread: [USN-392-1] xine-lib vulnerability
Index(es):
- Date
- Thread