Re: [Full-disclosure] [Windows XP] possible privilege escalation
From: NSC (news-letters_at_bluewin.ch)
Date: 05/30/05
- Previous message: Pif Gadget: "[Full-disclosure] [Windows XP] possible privilege escalation"
- In reply to: Pif Gadget: "[Full-disclosure] [Windows XP] possible privilege escalation"
- Next in thread: Pif Gadget: "Re: [Full-disclosure] [Windows XP] possible privilege escalation"
- Reply: Pif Gadget: "Re: [Full-disclosure] [Windows XP] possible privilege escalation"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Mon, 30 May 2005 23:31:18 +0200 To: full-disclosure@lists.grok.org.uk
Pif Gadget a écrit :
> Hello,
>
> I've encountered twice a strange problem on my Windows XP SP2 (fully
> patched) box.
>
> I have 2 separate accounts on my personal system : Administrator (for
> administrative tasks only) and simple user (for common everyday
> tasks), for security and system integrity reasons.
>
> Today, being logged in the simple user account and having Windows
> Media Player launched, I executed an installation executable file
> (from Microsoft) as Administrator using "Execute as..." entry in the
> contextual menu. The application was successfuly installed. Later, I
> tried to close Windows Media Player, the window was closed but the
> music was still playing. I looked in the Task Manager in order to
> force quit WMP, but to my surprise the task (wmplayer.exe) did not
> belong to me ("simple user"), but to Administrator (It's worth
> mentioning that the Administrator account was not open at that moment
> - as it is possible with User Fast Switching, so no other instance of
> WMP was running.)
>
> This happened to me once before, with the same conditions (including
> running an installation app using "Execute as..."), but I couldn't
> reproduce the issue "manually".
>
>
> Best regards,
>
>
> --
> Pif
>
> _________________________________________________________________
> Ne cherchez plus, trouvez ! Avec le nouveau MSN Search.
> http://search.msn.fr/
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/
>
Hello,
are you sure you didn't launch wmplayer form the setup process (something
like: start wmplayer when setup is complete).
In this case it, wmplayer starts with the rights from setup.exe, which
in your case is the
admin account.
Have anice day.
Spencer
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
- Previous message: Pif Gadget: "[Full-disclosure] [Windows XP] possible privilege escalation"
- In reply to: Pif Gadget: "[Full-disclosure] [Windows XP] possible privilege escalation"
- Next in thread: Pif Gadget: "Re: [Full-disclosure] [Windows XP] possible privilege escalation"
- Reply: Pif Gadget: "Re: [Full-disclosure] [Windows XP] possible privilege escalation"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
