|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
Re: [Full-disclosure] Microsoft Windows keybd_event validation vulnerability
From: cy.wang (wangchunying
snda.com)
Date: Tue Sep 06 2005 - 20:21:56 CDT
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
hi
what's the effect of this 'vulnerability' ?
it seems that messages can't be carried from a USER desktop to a prerogative desktop .
Regards,
c.y. wang
security analysis engineer
Shanda Interactive Entertainment Co. Ltd, Shanghai, China.
Phone: +86-21-50504740-5046
Email: wangchunyingsnda.com
----- Original Message -----
From: "Jerome Athias" <jerome.athiasfree.fr>
To: "Frederic Charpentier" <fcharpenxmcopartners.com>
Cc: <bugtraqsecurityfocus.com>; <full-disclosurelists.grok.org.uk>
Sent: Tuesday, September 06, 2005 7:20 PM
Subject: Re: [Full-disclosure] Microsoft Windows keybd_event validation vulnerability
> It was posted by Andres Tarasco to full-disclosure allready
>
> Additionaly:
>
> 1) french version of the advisory:
> http://www.athias.fr/alertes-bulletins-securite/20050905_Microsoft.Windows_Validation.keybd_event.html
>
> 2) I use to use this trick to obtain SYSTEM privileges with just ADMIN
> privileges:
>
> AT 20:00 /INTERACTIVE cmd.exe
>
> Cheers,
> /JA
>
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]