Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email firstname.lastname@example.org
[Full-Disclosure] Privilege escalation flaw in MDaemon 7.2.
From: Reed Arvin (reedarvingmail.com)
Date: Mon Nov 29 2004 - 09:44:26 CST
A privilege escalation flaw exists in MDaemon 7.2 (http://www.mdaemon.com).
A privilege escalation technique can be used to gain SYSTEM level
access while interacting with the MDaemon tray icon.
The vendor was notified of the issue. There was no response.
1. Double click on the mail icon in the Taskbar to open the Alt-N
MDaemon Pro window.
2. Click File, click New
3. Notepad should open. In Notepad click File, click Open
4. In the Files of type: field choose All Files
5. Navagate to %WINDIR%\System32\
6. Right click cmd.exe and choose Open
7. A new command shell will open with SYSTEM privileges
Discovered by Reed Arvin reedarvin[at]gmail[dot]com
Full-Disclosure - We believe in it.