[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [FD] Beginners error: Hewlett-Packards driver software executes rogue binary C:\Program.exe

To: "fulldisclosure@xxxxxxxxxxxx" <fulldisclosure@xxxxxxxxxxxx>
Subject: Re: [FD] Beginners error: Hewlett-Packards driver software executes rogue binary C:\Program.exe
From: Ben Campbell <eat_meatballs@xxxxxxxxxxxxx>
Date: Wed, 21 May 2014 22:59:57 +0100

C:\Program.exe is rarely an issue but other drives tend to have full ACL for 
Authenticated Users, so non-administrators can write to D:\Program.exe. If it 
is installed to that drive instead (e.g. primary drive is full/organisation has 
decided to organize file system that way) then the vulnerability becomes 
exploitable.
 
Not 100% sure if this applies in this instance, as it is using CreateProcess() 
and not sure how its generating the path, but I have seen this for services 
installed on the D:\. 
                                          

_______________________________________________
Sent through the Full Disclosure mailing list
http://nmap.org/mailman/listinfo/fulldisclosure
Web Archives & RSS: http://seclists.org/fulldisclosure/

Prev by Date: Re: [FD] Beginners error: Hewlett-Packards driver software executes rogue binary C:\Program.exe
Next by Date: Re: [FD] [KIS-2014-06] Dotclear <= 2.6.2 (Media Manager) Unrestricted File Upload Vulnerability
Previous by thread: [FD] XML Schema, DTD, and Entity Attacks: A Compendium of Known Techniques
Next by thread: [FD] rcrypt packer/crypter writeup and POC tool
Index(es):
- Date
- Thread