Guest FromTheRafters Posted April 1, 2009 Posted April 1, 2009 Just to satisfy my curiosity, would it have been possible to leverage the MS08-067 flaw for privilege escalation on the local machine? Quote
Guest Anteaus Posted April 11, 2009 Posted April 11, 2009 Yes. "FromTheRafters" wrote: <span style="color:blue"> > Just to satisfy my curiosity, would it have been possible to leverage > the MS08-067 flaw for privilege escalation on the local machine? > > > </span> Quote
Guest FromTheRafters Posted April 16, 2009 Posted April 16, 2009 Thanks Anteaus, but this site indicates otherwise. Are they indeed wrong about this? It wouldn't surprise me. http://www.ca.com/us/securityadvisor/vulni...n.aspx?id=36809 I've read that RPC calls that don't specify a net address are assumed to be local and I wonder if demarshalling and canonicalization are still performed on these requests leading to exploit by specially crafted requests. "Anteaus" <Anteaus@discussions.microsoft.com> wrote in message news:651825FD-C07F-4A29-AFB2-F7599257B247@microsoft.com...<span style="color:blue"> > Yes. > > > "FromTheRafters" wrote: ><span style="color:green"> >> Just to satisfy my curiosity, would it have been possible to leverage >> the MS08-067 flaw for privilege escalation on the local machine? >> >> >> </span></span> Quote
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.