Dell TrueMobile 1300 WLAN System Tray Applet本地权限提升漏洞

Dell TrueMobile 1300 WLAN System Tray Applet本地权限提升漏洞

漏洞ID 1107740 漏洞类型 设计错误
发布时间 2004-02-22 更新时间 2005-10-20
图片[1]-Dell TrueMobile 1300 WLAN System Tray Applet本地权限提升漏洞-安全小百科CVE编号 CVE-2004-2359
图片[2]-Dell TrueMobile 1300 WLAN System Tray Applet本地权限提升漏洞-安全小百科CNNVD-ID CNNVD-200412-1017
漏洞平台 Windows CVSS评分 10.0
|漏洞来源
https://www.exploit-db.com/exploits/23739
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200412-1017
|漏洞详情
DellTrueMobileTM1300WLAN是迷你PCI无线网卡系统,包含系统托盘Applet程序对设备进行控制。DellTrueMobile1300无线系统托盘Applet不正确调用系统权限,本地攻击者可以利用这个漏洞进行提升权限攻击。控制Applet程序以SYSTEM权限运行用于访问无线设备硬件,并之后正确丢弃权限,因此攻击者如果可访问目标系统,就可以以程序当前进程权限执行任意命令,导致权限提升。
|漏洞EXP
source: http://www.securityfocus.com/bid/9714/info

It has been reported that a privilege escalation vulnerability exists in the Dell TrueMobile 1300 Wireless System Tray Applet. The issue is due to the software starting with SYSTEM privileges, to enable access to the wireless hardware, and subsequently failing to drop them. 

This may allow a local attacker to manipulate the GUI of the vulnerable application to spawn arbitrary processes with the privileges of the affected process.

Although only version 3.10.39.0 of the utility has been reported vulnerable, it is likely that other versions are prone as well.

After launching the affected application, right click in the application window and choose Help -> Help Files and then from the help; Jump to URL C:WINDOWSSYSTEM32CMD.EXE

After launching the affected application, right click in the application window and choose Help -> About. By clicking on a link, Internet Explorer will start with SYSTEM privileges.
|参考资料

来源:XF
名称:dell-truemobile-gain-privileges(15285)
链接:http://xforce.iss.net/xforce/xfdb/15285
来源:BID
名称:9714
链接:http://www.securityfocus.com/bid/9714
来源:SECTRACK
名称:1009174
链接:http://securitytracker.com/id?1009174
来源:SECUNIA
名称:10949
链接:http://secunia.com/advisories/10949
来源:VULNWATCH
名称:20040222DellTrueMobileWirelessHelpPrivilegeEscalationVulnerability
链接:http://archives.neohapsis.com/archives/vulnwatch/2004-q1/0042.html
来源:NSFOCUS
名称:6088
链接:http://www.nsfocus.net/vulndb/6088

相关推荐: Interspire ArticleLive Multiple Remote Vulnerabilities

Interspire ArticleLive Multiple Remote Vulnerabilities 漏洞ID 1096748 漏洞类型 Unknown 发布时间 2005-05-04 更新时间 2005-05-04 CVE编号 N/A CNNVD-I…

© 版权声明
THE END
喜欢就支持一下吧
点赞0
分享