lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Date: Thu, 15 Jul 2004 07:32:37 -0700 (PDT)
From: Cesar <cesarc56@...oo.com>
To: bugtraq@...urityfocus.com
Subject: Re: Microsoft Window Utility Manager Local Elevation of Privileges

See attached ;)

Cesar.
--- Chris Paget <ivegotta@...bom.co.uk> wrote:
> On Tue, 13 Jul 2004 16:00:33 -0400, you wrote:
> ...
> 
> This isn't quite right - on my system at least,
> browsing for cmd.exe
> in this way generates an error:
> "The C:\WINNT\system32\cmd.exe file is not a Windows
> Help file, or the
> file is corrupted."
> 
> That said, the file dialog can be made to display a
> ListView control
> (display details rather than a list).  This ListView
> control will
> accept both WM_SETTEXT (to inject shellcode into the
> caption of the
> window) followed by LVM_SORTITEMS (which specifies
> the address for a
> sort function) to execute said code.  It is a valid
> method for
> arbitrary code execution as LocalSystem, but not
> quite as simply as
> Vivek makes out.
> 
> Chris
> 
> -- 
> Chris Paget
> ivegotta@...bom.co.uk



		
__________________________________
Do you Yahoo!?
New and Improved Yahoo! Mail - Send 10MB messages!
http://promotions.yahoo.com/new_mail 
View attachment "UtilManExploit2.c" of type "text/plain" (2468 bytes)

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ