Wednesday, November 24, 2010

Privilege escalation 0-day in almost all Windows versions

Today, proof-of-concept code (source code, with a compiled binary) for a 0-day privilege escalation vulnerability in almost all Windows operating system versions (Windows XP, Vista, 7, Server 2008 ...) has been posted on a popular programming web site.

The vulnerability is a buffer overflow in the kernel (win32k.sys) and, due to its nature, allows an attacker to bypass User Access Control (UAC) on Windows Vista and 7 operating systems. What’s interesting is that the vulnerability exists in a function that queries the registry, so in order to exploit it the attacker has to be able to create a special (malicious) registry key. The author of the PoC managed to find such a key that can be created by a normal user on Windows Vista and 7 (that is, a user who does not have any administrative privileges).

More Info: http://isc.sans.edu

Update:
I have just found the PoC thanks to Gustavo Lima.

Check: http://pastebin.com

and now on exploit-db - Elevation of privileges under Windows Vista/7 (UAC Bypass)
