<<< Date Index >>>     <<< Thread Index >>>

RE: Symantec LiveState Agent for Windows vulnerability - Local Privilege Escalation



> -----Original Message-----
> From: lucretias [mailto:lucretias@xxxxxxx] 
> Sent: Wednesday, December 06, 2006 7:56 AM
> To: Michael Scheidell
> Subject: RE: Symantec LiveState Agent for Windows 
> vulnerability - Local Privilege Escalation
> I think the issue is the process does not return in it's 
> previous sandbox.

So, do this, poc:

Log on to local machine as administrator.


Use IE:

BANG, you are using IE with elevated privledges.

This is stupid, and anyone who doesn't see how stupid this is isn't
listening.

Last free clue to anyone: if you don't understand this, and think this
is a security violation or if you think symantec needs to fix this, you
need to find a different job.  You will be chasing dragons when there is
real work to do.