Back to list
*Note: Email address will appear as "user domain ext" to prevent harvesting.
Defense in depth -- the Microsoft way (part 11): privilege escalation for dummies
Oct 01 2013 11:21PM
Stefan Kanthak (stefan kanthak nexgo de)
in <http://seclists.org/fulldisclosure/2013/Sep/132> I showed a
elaborated way for privilege elevation using IExpress (and other
self-extracting) installers containing *.MSI or *.MSP which works
"in certain situations".
The same IExpress installer(s) but allow a TRIVIAL to exploit
[ more ]
Copyright 2010, SecurityFocus