BugTraq
Name:
Email:
*Note: Email address will appear as "user domain ext" to prevent harvesting.
Subject:
Message:
 
Defense in depth -- the Microsoft way (part 11): privilege escalation for dummies Oct 01 2013 11:21PM
Stefan Kanthak (stefan kanthak nexgo de)
Hi @ll,

in <http://seclists.org/fulldisclosure/2013/Sep/132> I showed a
elaborated way for privilege elevation using IExpress (and other
self-extracting) installers containing *.MSI or *.MSP which works
"in certain situations".

The same IExpress installer(s) but allow a TRIVIAL to exploit
privileg...

[ more ]  
 

Privacy Statement
Copyright 2010, SecurityFocus