Privilege escalation flaw in MDaemon 7.2.
From: Reed Arvin (reedarvin_at_gmail.com)
Date: 11/29/04
- Previous message: Martin Schulze: "[SECURITY] [DSA 602-1] New libgd2 packages fix arbitrary code execution"
- Next in thread: kf_lists: "Re: Privilege escalation flaw in MDaemon 7.2."
- Reply: kf_lists: "Re: Privilege escalation flaw in MDaemon 7.2."
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: 29 Nov 2004 15:46:01 -0000 To: bugtraq@securityfocus.com('binary' encoding is not supported, stored as-is)
Summary:
A privilege escalation flaw exists in MDaemon 7.2 (http://www.mdaemon.com).
Details:
A privilege escalation technique can be used to gain SYSTEM level access while interacting with the MDaemon tray icon.
Vulnerable Versions:
MDaemon 7.2
Solutions:
The vendor was notified of the issue. There was no response.
Exploit:
1. Double click on the mail icon in the Taskbar to open the Alt-N MDaemon Pro window.
2. Click File, click New
3. Notepad should open. In Notepad click File, click Open
4. In the Files of type: field choose All Files
5. Navagate to %WINDIR%\System32\
6. Right click cmd.exe and choose Open
7. A new command shell will open with SYSTEM privileges
Discovered by Reed Arvin reedarvin[at]gmail[dot]com
- Previous message: Martin Schulze: "[SECURITY] [DSA 602-1] New libgd2 packages fix arbitrary code execution"
- Next in thread: kf_lists: "Re: Privilege escalation flaw in MDaemon 7.2."
- Reply: kf_lists: "Re: Privilege escalation flaw in MDaemon 7.2."
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
