https://www.exploit-db.com/exploits/19227
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-199905-044

IBMNetfinity远程控制中存在漏洞。本地用户通过启动运行在系统级权限下的进程管理器中的程序获得管理员权限。

source: http://www.securityfocus.com/bid/284/info

The IBM Remote Control Software package requires a client module to be loaded on NT hosts to be remotey controlled. This client module is loaded as an NT service and must run under either the local system account or the user context of a user account having administrative privileges.

It has been discovered that this service may be exploited by a local user level account to execute code with administrator privileges. This vulnerability would allow a user (with no admin rights) to execute programs that might allow them to elevate their privileges to that of an administrator. 

Open the Netfinity client. Launch the Process Manager. From the Process Manager interface, launch arbitrary code. usrmgr.exe, musrmgr.exe, regedt32.exe, etc. may be launched and be used by the user level account to grant administrator privileges to any account on the host (or domain).

来源:NTBUGTRAQ
名称:19990609IBM’sresponseto”SecurityLeakwithIBMNetfinityRemoteControlSoftware
链接:http://marc.theaimsgroup.com/?l=ntbugtraq&m;=92902484317769&w;=2
来源:NTBUGTRAQ
名称:19990525SecurityLeakwithIBMNetfinityRemoteControlSoftware
链接:http://marc.theaimsgroup.com/?l=ntbugtraq&m;=92765856706547&w;=2
来源:BID
名称:284
链接:http://www.securityfocus.com/bid/284