[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Symantec LiveState Agent for Windows vulnerability - Local Privilege Escalation

To: "Michael Scheidell" <scheidell@xxxxxxxxxx>
Subject: Re: Symantec LiveState Agent for Windows vulnerability - Local Privilege Escalation
From: eugeny gladkih <john@xxxxxxxxx>
Date: Tue, 05 Dec 2006 22:16:45 +0300

>>>>> "MS" == Michael Scheidell <scheidell@xxxxxxxxxx> writes:

 >> we've found local privilege escalation in Symantec LiveState agent.
 >> 
 >> PoC:
 >> 
 >> 1. kill shstart.exe process

 MS> Wouldn't you have to be administrator to kill shstart.exe?

LocalSystem account has more privilegies then administrator's one.

-- 
Yours sincerely, Eugeny.
Doctor Web, Ltd. http://www.drweb.com

Follow-Ups:
- Re: Symantec LiveState Agent for Windows vulnerability - Local Privilege Escalation
  - From: Steve Shockley
- Re: Symantec LiveState Agent for Windows vulnerability - Local Privilege Escalation
  - From: Ansgar -59cobalt- Wiechers

References:
- RE: Symantec LiveState Agent for Windows vulnerability - Local Privilege Escalation
  - From: Michael Scheidell

Prev by Date: DistrRTgen 1.0 launched!
Next by Date: Re: Symantec LiveState Agent for Windows vulnerability - Local Privilege Escalation
Previous by thread: RE: Symantec LiveState Agent for Windows vulnerability - Local Privilege Escalation
Next by thread: Re: Symantec LiveState Agent for Windows vulnerability - Local Privilege Escalation
Index(es):
- Date
- Thread