[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Symantec LiveState Agent for Windows vulnerability - Local Privilege Escalation

To: bugtraq@xxxxxxxxxxxxxxxxx
Subject: Symantec LiveState Agent for Windows vulnerability - Local Privilege Escalation
From: ss_team <ssteam.pl@xxxxxxxxx>
Date: Mon, 4 Dec 2006 17:28:05 +0100

hello,

we've found local privilege escalation in Symantec LiveState agent.

PoC:

1. kill shstart.exe process
2. from symantec livestate agent icon in systray choose "Web Self-Service"
3. New browser window will open, it is running with SYSTEM privileges.

tested on fully patched Win XP SP2, Symantec LiveState agent 7.1


Credits: marc & shb


--
http://ssteam.ath.cx

Prev by Date: [ MDKSA-2006:214-1 ] - Updated gv packages fix buffer overflow vulnerability
Next by Date: XSS in JAB Guest Book
Previous by thread: [ MDKSA-2006:214-1 ] - Updated gv packages fix buffer overflow vulnerability
Next by thread: RE: Symantec LiveState Agent for Windows vulnerability - Local Privilege Escalation
Index(es):
- Date
- Thread