BugTraq
Symantec LiveState Agent for Windows vulnerability - Local Privilege Escalation Dec 04 2006 04:28PM
ss_team (ssteam pl gmail com)
hello,

we've found local privilege escalation in Symantec LiveState agent.

PoC:

1. kill shstart.exe process
2. from symantec livestate agent icon in systray choose "Web Self-Service"
3. New browser window will open, it is running with SYSTEM privileges.

tested on fully patched Win XP SP2, Symantec LiveState agent 7.1

Credits: marc & shb

--
http://ssteam.ath.cx

[ reply ]


 

Privacy Statement
Copyright 2010, SecurityFocus