[Full-Disclosure] ::SPAM:: Re: Multiple WinXP kernel vulns can give user mode programs kernel mode privileges
- To: "first last" <randnut@xxxxxxxxxxx>
- Subject: [Full-Disclosure] ::SPAM:: Re: Multiple WinXP kernel vulns can give user mode programs kernel mode privileges
- From: 3APA3A <3APA3A@xxxxxxxxxxxxxxxx>
- Date: Thu, 19 Feb 2004 14:09:09 +0300
--- Begin Message ---
Dear first last,
--Thursday, February 19, 2004, 1:15:20 AM, you wrote to
full-disclosure@xxxxxxxxxxxxxxxx:
fl> There exist several vulnerabilities in one of Windows XP kernel's native API
fl> functions which allow any user with the SeDebugPrivilege privilege to
fl> execute arbitrary code in kernel mode, and read from and write to any memory
fl> address, including kernel memory.
SeDebugPrivilege allows you to change the execution flow of any process or
kill any process (for example, the security subsystem or any RPC server).
This privilege is enough to compromise the system in a thousand ways by
design. By default, only Administrators have this privilege.
--
~/ZARAZA
Electric shocks are very useful for building character. (Lem)
--- End Message ---