Re: [Full-disclosure] [Windows XP] possible privilege escalation
From: bkfsec (bkfsec_at_sdf.lonestar.org)
Date: 05/31/05
- Previous message: famato_at_infobyte.com.ar: "[Full-disclosure] ISR :: Infobyte Security Research :: (ISR-form.pl)"
- In reply to: Pif Gadget: "Re: [Full-disclosure] [Windows XP] possible privilege escalation"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Tue, 31 May 2005 17:22:02 -0400 To: Pif Gadget <pif.gadget@hotmail.fr>
Pif Gadget wrote:
>
>> are you sure you didn't launch wmplayer form the setup process
>> (something
>> like: start wmplayer when setup is complete).
>
>
> Hmm, the setup program (.exe which runs an .msi) installs a classic
> "annoying" developpement app (the other day it was some Microsoft
> Office suite product). I doubt it would launch WMP for any reason, if
> it's what you meant.
> To get rid of the doubt, I just retried the installation process being
> logged in as Admin, and nope, it didn't launch WMP.
>
>
>
Just guessing here, but is it possible that the setup program could have
tried to take ownership of the running process in order to ensure that
an installation started in this way would complete successfully?
I'm not sure precisely how this could be done or that it would have been
done in this package, but it makes the most sense out of any scenario
that I can think of.
In either case, I'm not sure that it's a privelege escalation per-se for
the reason that it required you having the administrator account in the
first place to be able to escalate the process' priveleges. Where that
could be dangerous is if an administrator got tricked into running an
executable that escalated the priveleges of a malicious program, but
once you get them to run that type of code you've got other options
available to you that will probably be easier to utilize. Not that I
can't see this being used in nasty ways or anything...
-Barry
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
- Previous message: famato_at_infobyte.com.ar: "[Full-disclosure] ISR :: Infobyte Security Research :: (ISR-form.pl)"
- In reply to: Pif Gadget: "Re: [Full-disclosure] [Windows XP] possible privilege escalation"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
