Vulnerability: Privilege Escalation in Microsoft Windows
Number of vulnerabilities: 1
Impact: Privilege escalation
CWE ID: No Information
Exploit: PoC code
Affected Products: Microsoft Windows Vista, Microsoft Windows Server 2008, Microsoft Windows 7
– Microsoft Windows Vista;
– Microsoft Windows 2008;
– Microsoft Windows 7.
Vulnerability allows local users to gain escalated privileges.
The vulnerability is due to the fact that the service IKE and AuthIP IPsec Keying Modules tries to connect to a non-existent system library wlbsctrl.dll. A local user can place a malicious file with the same name in the search path by default and increase their privileges. Successful exploitation of the vulnerability on the system must be installed ActivePerl in the default configuration, or any other application that is installed in the root directory of the C drive and adds the path to the installation directory to the system environment variable PATH.
Manufacturer URL: www.microsoft.com
Solution: The way to eliminate the vulnerability does not exist at present.