[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Full-Disclosure] Privilege escalation flaw in MDaemon 7.2.

To: Reed Arvin <reedarvin@xxxxxxxxx>
Subject: Re: [Full-Disclosure] Privilege escalation flaw in MDaemon 7.2.
From: Kevin Finisterre <kf_lists@xxxxxxxxxxxxx>
Date: Mon, 29 Nov 2004 14:18:59 -0500

I discovered and reported this to the vendor over a year ago... the vendor did not respond to me either. Now thats service with a smile. =] -KF

Reed Arvin wrote:

Summary:
A privilege escalation flaw exists in MDaemon 7.2 (http://www.mdaemon.com).

Details:
A privilege escalation technique can be used to gain SYSTEM level
access while interacting with the MDaemon tray icon.

Vulnerable Versions:
MDaemon 7.2

Solutions:
The vendor was notified of the issue. There was no response.

Exploit:
1. Double click on the mail icon in the Taskbar to open the Alt-N
MDaemon Pro window.
2. Click File, click New
3. Notepad should open.  In Notepad click File, click Open
4. In the Files of type: field choose All Files
5. Navagate to %WINDIR%\System32\
6. Right click cmd.exe and choose Open
7. A new command shell will open with SYSTEM privileges

Discovered by Reed Arvin reedarvin[at]gmail[dot]com

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html


_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

Follow-Ups:
- Re: [Full-Disclosure] Privilege escalation flaw in MDaemon 7.2.
  - From: kf_lists

References:
- [Full-Disclosure] Privilege escalation flaw in MDaemon 7.2.
  - From: Reed Arvin

Prev by Date: RE: [Full-Disclosure] Is www.sco.com hacked?
Next by Date: [Full-Disclosure] Buffer-overflow in Orbz 2.10
Previous by thread: [Full-Disclosure] Privilege escalation flaw in MDaemon 7.2.
Next by thread: Re: [Full-Disclosure] Privilege escalation flaw in MDaemon 7.2.
Index(es):
- Date
- Thread