Elevation of Privilege in Microsoft Windows

Posted: October 10, 2012 in Vulnerabilities
Tags: , ,

MicrosoftVulnerability: Privilege Escalation in Microsoft Windows

Danger: Low
Patch: None
Number of vulnerabilities: 1
Impact: Privilege escalation
CWE ID: No Information
Exploit: PoC code
Affected Products: Microsoft Windows Vista, Microsoft Windows Server 2008, Microsoft Windows 7

Affected versions:

– Microsoft Windows Vista;
– Microsoft Windows 2008;
– Microsoft Windows 7.

Description:

Vulnerability allows local users to gain escalated privileges.

The vulnerability is due to the fact that the service IKE and AuthIP IPsec Keying Modules tries to connect to a non-existent system library wlbsctrl.dll. A local user can place a malicious file with the same name in the search path by default and increase their privileges. Successful exploitation of the vulnerability on the system must be installed ActivePerl in the default configuration, or any other application that is installed in the root directory of the C drive and adds the path to the installation directory to the system environment variable PATH.

Manufacturer URL: www.microsoft.com

Solution: The way to eliminate the vulnerability does not exist at present.

links:

https://www.htbridge.com/advisory/HTB23108

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s