Home    |    View Topics    |    Search    |    Contact Us    |   



Category:   Application (Generic)  >   Dell TrueMobile Vendors:   Dell
Dell TrueMobile Help Application Yields SYSTEM Privileges to Local Users
SecurityTracker Alert ID:  1009174
SecurityTracker URL:
CVE Reference:   GENERIC-MAP-NOMATCH   (Links to External Site)
Date:  Feb 23 2004
Impact:   Execution of arbitrary code via local system, Root access via local system
Exploit Included:  Yes  
Description:   A vulnerability was reported in the Dell TrueMobile utility tray applet. A local user can gain SYSTEM privileges on the target system.

Ian Vitek reported that a local user can invoke the Help application for the Dell TrueMobile 1300 WLAN Mini-PCI Card and execute a command shell with SYSTEM privileges.

Demonstration exploit steps are provided in the Source Message.

The vendor was reportedly notified on February 21, 2004.

Impact:   A local user can execute arbitrary commands and applications with SYSTEM privileges.
Solution:   No solution was available at the time of this entry.
Vendor URL: (Links to External Site)
Cause:   Access control error
Underlying OS:  Windows (Any)

Message History:   None.

 Source Message Contents

Subject:  [VulnWatch] Dell TrueMobile Wireless Help Privilege Escalation Vulnerability

Dell TrueMobile Wireless Help Privilege Escalation Vulnerability

Successful exploitation elevates the local user rights to SYSTEM. This may only be considered a threat on a multi user system (Terminal
 Services, Citrix or a public computer).

Verified systems
Windows XP and Dell TrueMobile 1300 WLAN Mini-PCI Card Utility Tray Applet Version
Other operating systems and versions may be vulnerable.

The SYSTEM rights are not dropped when accessing the Dell TrueMobile Wireless Help from the systray applet. By right clicking and
 choosing Help -> Help Files and then from the help; Jump to URL C:\WINDOWS\SYSTEM32\CMD.EXE, gives you SYSTEM privileges. You can
 also gain SYSTEM privileges by right clicking and choosing Help -> About. By clicking on a link, Internet Explorer will start with
 SYSTEM privileges. Programs started from the web browser do not get their privileges dropped. 

Vendor contacts
Feb 21 2004 02:08
From: csd at dell dot com
To: dell at sigtrap dot org
"Please ensure that your customer account or order/invoice number
is included with your reply."

Feb 21 2004 02:52
From: dell at sigtrap dot org
To: uscemcsd1 at dell dot com
"You (Dell) have a security problem in your (Dells) software.
Detailed description below.
I don't have any problem.
If you (Dell) want to close this case, please do, but contact me ( dell at sigtrap dot org  ) first."

Feb 21 2004 15:54
From: csd at dell dot com
To: dell at sigtrap dot org
"I apologize, but I am unable to locate your account under this
e-mail address."

Dell tracking number: AT20040220_0000021076

Discovered by Ian Vitek


Go to the Top of This SecurityTracker Archive Page

Home   |    View Topics   |    Search   |    Contact Us

This web site uses cookies for web analytics. Learn More

Copyright 2022, LLC