• News
• Infocus
• Foundations
• Microsoft
• Unix
• IDS
• Incidents
• Virus
• Pen-Test
• Firewalls
• Columnists
• Mailing Lists
• Newsletters
• Bugtraq
• Focus on IDS
• Focus on Linux
• Focus on Microsoft
• Forensics
• Pen-test
• Security Basics
• Vuln Dev
• Vulnerabilities
• Jobs
• Job Opportunities
• Resumes
• Job Seekers
• Employers
• Tools
• RSS
• News
• Vulns
• Security Research

• info
• discussion
• exploit
• solution
• references

BakBone NetVault NVStatsMngr.EXE Local Privilege Escalation Vulnerability

Proceeding through the following steps will result in a command prompt running with SYSTEM level privileges:
1. Utilize the exploit to get the C:\Program Files\BakBone Software\NetVault\bin\nvstatsmngr.exe
window to appear. Access the window menu in the upper left and click
Properties.
2. Right click on the word Window under the Display Options and click
What's This?
3. Right click on the help text that is shown in yellow and click Print Topic.
4. Right click on any printer and click Open.
5. Click Help, Help Topics.
6. Right click in the right side of the help screen and click View Source.
7. Notepad will appear (running under the context of the LocalSystem
account). Click File, click Open.
8. Change Files of type: to All Files, navigate to the system32
directory and locate cmd.exe. Right click cmd.exe and choose Open.

The following exploit will unhide the 'nvstatsmngr.exe' service window:

• /data/vulnerabilities/exploits/nvstatsmngrPrivEsc.c