Vulnwatch mailing list archives
Dell TrueMobile Wireless Help Privilege Escalation Vulnerability
From: Ian Vitek <ian.vitek () sigtrap org>
Date: Sun, 22 Feb 2004 12:33:04 +0100 (CET)
Dell TrueMobile Wireless Help Privilege Escalation Vulnerability ================================================================ Overview -------- Successful exploitation elevates the local user rights to SYSTEM. This may only be considered a threat on a multi user system (Terminal Services, Citrix or a public computer). Verified systems ---------------- Windows XP and Dell TrueMobile 1300 WLAN Mini-PCI Card Utility Tray Applet Version 3.10.39.0. Other operating systems and versions may be vulnerable. Description ----------- The SYSTEM rights are not dropped when accessing the Dell TrueMobile Wireless Help from the systray applet. By right clicking and choosing Help -> Help Files and then from the help; Jump to URL C:\WINDOWS\SYSTEM32\CMD.EXE, gives you SYSTEM privileges. You can also gain SYSTEM privileges by right clicking and choosing Help -> About. By clicking on a link, Internet Explorer will start with SYSTEM privileges. Programs started from the web browser do not get their privileges dropped. Vendor contacts --------------- Feb 21 2004 02:08 From: csd at dell dot com To: dell at sigtrap dot org "Please ensure that your customer account or order/invoice number is included with your reply." Feb 21 2004 02:52 From: dell at sigtrap dot org To: uscemcsd1 at dell dot com "You (Dell) have a security problem in your (Dells) software. Detailed description below. I don't have any problem. If you (Dell) want to close this case, please do, but contact me ( dell at sigtrap dot org ) first." Feb 21 2004 15:54 From: csd at dell dot com To: dell at sigtrap dot org "I apologize, but I am unable to locate your account under this e-mail address." Dell tracking number: AT20040220_0000021076 Credit ------ Discovered by Ian Vitek
Current thread:
- Dell TrueMobile Wireless Help Privilege Escalation Vulnerability Ian Vitek (Feb 22)