RE: Symantec LiveState Agent for Windows vulnerability - Local Privilege Escalation
> -----Original Message-----
> From: lucretias [mailto:lucretias@xxxxxxx]
> Sent: Wednesday, December 06, 2006 7:56 AM
> To: Michael Scheidell
> Subject: RE: Symantec LiveState Agent for Windows
> vulnerability - Local Privilege Escalation
> I think the issue is the process does not return in it's
> previous sandbox.
So, do this, poc:
Log on to local machine as administrator.
Use IE:
BANG, you are using IE with elevated privledges.
This is stupid, and anyone who doesn't see how stupid this is isn't
listening.
Last free clue to anyone: if you don't understand this, and think this
is a security violation or if you think symantec needs to fix this, you
need to find a different job. You will be chasing dragons when there is
real work to do.