RE: Symantec LiveState Agent for Windows vulnerability - Local Privilege Escalation

From: "Michael Scheidell" <scheidell@xxxxxxxxxx>
Date: Tue, 5 Dec 2006 07:40:59 -0500

-----Original Message-----
From: ss_team [mailto:ssteam.pl@xxxxxxxxx]
Sent: Monday, December 04, 2006 11:28 AM
To: bugtraq@xxxxxxxxxxxxxxxxx
Subject: Symantec LiveState Agent for Windows vulnerability -
Local Privilege Escalation

hello,

we've found local privilege escalation in Symantec LiveState agent.

PoC:

1. kill shstart.exe process

Wouldn't you have to be administrator to kill shstart.exe?

2. from symantec livestate agent icon in systray choose "Web
Self-Service"
3. New browser window will open, it is running with SYSTEM privileges.

tested on fully patched Win XP SP2, Symantec LiveState agent 7.1

Credits: marc & shb

--
http://ssteam.ath.cx

Follow-Ups:
- Re: Symantec LiveState Agent for Windows vulnerability - Local Privilege Escalation
  - From: eugeny gladkih

Prev by Date: [KOffice security advisory] KOffice OLEfilter integer overflow
Next by Date: Re: GnuPG 1.4 and 2.0 buffer overflow
Previous by thread: Symantec LiveState Agent for Windows vulnerability - Local Privilege Escalation
Next by thread: Re: Symantec LiveState Agent for Windows vulnerability - Local Privilege Escalation
Index(es):
- Date
- Thread

Relevant Pages

RE: Symantec LiveState Agent for Windows vulnerability - Local Privilege Escalation
... Symantec LiveState Agent for Windows ... vulnerability - Local Privilege Escalation ... previous sandbox. ... This is stupid, and anyone who doesn't see how stupid this is isn't ...
(Bugtraq)
Symantec LiveState Agent for Windows vulnerability - Local Privilege Escalation
... we've found local privilege escalation in Symantec LiveState agent. ... from symantec livestate agent icon in systray choose "Web Self-Service" ...
(Bugtraq)