SecurityTracker.com
Category:   Application (E-mail Client)  >   MDaemon (Alt-N)
Vendors:   Alt-N Technologies
MDaemon System Tray Icon Lets Local Users Gain System Privileges
SecurityTracker Alert ID:  1012350
SecurityTracker URL:  http://securitytracker.com/id/1012350
CVE Reference:   GENERIC-MAP-NOMATCH
Date:  Nov 29 2004
Impact:   Execution of arbitrary code via local system, Root access via local system
Exploit Included:  Yes  
Version(s): 7.2
Description:   A vulnerability was reported in MDaemon. A local user can gain System level privileges.

Reed Arvin reported that a local user can exploit a flaw in the MDaemon system tray icon to execute arbitrary commands with System level privileges.

A local user can open the MDaemon system tray icon and click 'File, New' to open Notepad. Then, in Notepad, the user can click 'File, Open' and select 'cmd.exe' from the Windows System32 directory to open a command shell with System privileges.

The vendor was notified without response.

Impact:   A local user can execute arbitrary commands and programs with system privileges.
Solution:   No solution was available at the time of this entry.
Vendor URL:  www.mdaemon.com/
Cause:   Access control error
Underlying OS:  Windows (Any)

Message History:   None.
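
Detection logic for the process chain in the description above, added here as an example and not part of the advisory or the original report: it flags an editor running as SYSTEM and a command shell started from that editor. The records are constructed, their field names assume Sysmon process-creation events as the log source, and the tray application's image is a placeholder because the page does not name the binary.

```python
import ntpath

SYSTEM = "NT AUTHORITY\\SYSTEM"
EDITORS = {"notepad.exe"}   # programs that offer a File > Open dialog
SHELLS = {"cmd.exe"}        # the shell named in the advisory

# Constructed records; field names follow Sysmon Event ID 1 (process creation).
# The first Image is a placeholder: the advisory does not name MDaemon's binary.
SAMPLE_EVENTS = [
    {"ProcessId": 900, "ParentProcessId": 700, "User": SYSTEM,
     "Image": "<MDaemon tray application>"},
    {"ProcessId": 1200, "ParentProcessId": 900, "User": SYSTEM,
     "Image": r"C:\Windows\System32\notepad.exe"},
    {"ProcessId": 1344, "ParentProcessId": 1200, "User": SYSTEM,
     "Image": r"C:\Windows\System32\cmd.exe"},
    # Ordinary user session: same programs, no elevation, must not alert.
    {"ProcessId": 2100, "ParentProcessId": 2000, "User": r"HOST\alice",
     "Image": r"C:\Windows\System32\notepad.exe"},
    {"ProcessId": 2200, "ParentProcessId": 2100, "User": r"HOST\alice",
     "Image": r"C:\Windows\System32\cmd.exe"},
    # SYSTEM shell started by a service rather than an editor: out of scope here.
    {"ProcessId": 3000, "ParentProcessId": 700, "User": SYSTEM,
     "Image": r"C:\Windows\System32\cmd.exe"},
]

def _name(event):
    return ntpath.basename(event["Image"]).lower()

def _is_system(event):
    return event["User"].upper() == SYSTEM

def detect(events):
    """Return (ProcessId, finding) pairs matching the advisory's process chain."""
    by_pid = {e["ProcessId"]: e for e in events}
    findings = []
    for e in events:
        if not _is_system(e):
            continue
        parent = by_pid.get(e["ParentProcessId"])
        if _name(e) in EDITORS:
            # An editor with a file dialog is running as SYSTEM.
            findings.append((e["ProcessId"], "editor-as-system"))
        elif (_name(e) in SHELLS and parent is not None
              and _is_system(parent) and _name(parent) in EDITORS):
            # A shell was started from that editor's Open dialog.
            findings.append((e["ProcessId"], "shell-from-system-editor"))
    return findings

if __name__ == "__main__":
    for pid, finding in detect(SAMPLE_EVENTS):
        print(pid, finding)
```

The parent lookup keys on ProcessId alone, so on real logs it should be scoped to one host and a short time window to avoid matching a reused PID.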


 Source Message Contents

Subject:  [Full-Disclosure] Privilege escalation flaw in MDaemon 7.2.


Summary:
A privilege escalation flaw exists in MDaemon 7.2 (http://www.mdaemon.com).

Details:
A privilege escalation technique can be used to gain SYSTEM level
access while interacting with the MDaemon tray icon.

Vulnerable Versions:
MDaemon 7.2

Solutions:
The vendor was notified of the issue. There was no response.

Exploit:
1. Double click on the mail icon in the Taskbar to open the Alt-N
MDaemon Pro window.
2. Click File, click New
3. Notepad should open.  In Notepad click File, click Open
4. In the Files of type: field choose All Files
5. Navigate to %WINDIR%\System32\
6. Right click cmd.exe and choose Open
7. A new command shell will open with SYSTEM privileges

Discovered by Reed Arvin reedarvin[at]gmail[dot]com
