Vuln Dev
*Note: Email address will appear as "user domain ext" to prevent harvesting.
Re: Windows Vista winsat.exe Integer Overflow Mar 29 2008 03:03AM
Steve Shockley (steve shockley shockley net)
jose (at) eyeos (dot) org [email concealed] wrote:
> if you can control the
> process, you can use this kind of bugs as way to trick the user to
> bypass the UAC and get admin.

You'd still have to convince the user to bypass UAC when he wasn't
expecting a UAC prompt, in addition to getting them to run it in the
first place.

[ more ]  

Privacy Statement
Copyright 2010, SecurityFocus