[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Full-disclosure] Microsoft Windows keybd_event validation vulnerability
- To: "Jerome Athias" <jerome.athias@xxxxxxx>
- Subject: Re: [Full-disclosure] Microsoft Windows keybd_event validation vulnerability
- From: "cy.wang" <wangchunying@xxxxxxxx>
- Date: Wed, 7 Sep 2005 09:21:56 +0800
hi
what's the effect of this 'vulnerability' ?
it seems that messages can't be carried from a USER desktop to a
prerogative desktop .
Regards,
c.y. wang
security analysis engineer
Shanda Interactive Entertainment Co. Ltd, Shanghai, China.
Phone: +86-21-50504740-5046
Email: wangchunying@xxxxxxxx
----- Original Message -----
From: "Jerome Athias" <jerome.athias@xxxxxxx>
To: "Frederic Charpentier" <fcharpen@xxxxxxxxxxxxxxxx>
Cc: <bugtraq@xxxxxxxxxxxxxxxxx>; <full-disclosure@xxxxxxxxxxxxxxxxx>
Sent: Tuesday, September 06, 2005 7:20 PM
Subject: Re: [Full-disclosure] Microsoft Windows keybd_event validation
vulnerability
> It was posted by Andres Tarasco to full-disclosure allready
>
> Additionaly:
>
> 1) french version of the advisory:
>
> http://www.athias.fr/alertes-bulletins-securite/20050905_Microsoft.Windows_Validation.keybd_event.html
>
> 2) I use to use this trick to obtain SYSTEM privileges with just ADMIN
> privileges:
>
> AT 20:00 /INTERACTIVE cmd.exe
>
> Cheers,
> /JA
> _______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/