Microsoft Windows Image Acquisition Service Privilege Escalation Vulnerability

Microsoft Windows Image Acquisition Service Privilege Escalation Vulnerability

An exploit is available for members of the Immunity Partner's program:

https://www.immunityinc.com/downloads/immpartners/stisvc_ex.tar.gz

This exploit is not known to be publicly available. Reportedly, the exploit works reliably even on computers with DEP enabled.

UPDATE: Core Security Technologies has developed a working commercial exploit for its CORE IMPACT product. This exploit is not otherwise publicly available or known to be circulating in the wild.