Thank you for being a valued part of the CNET community. As of December 1, 2020, the forums are in read-only format. In early 2021, CNET Forums will no longer be available. We are grateful for the participation and advice you have provided to one another over the years.

Thanks,

CNET Support

General discussion

Dell TrueMobile Wireless Help Privilege Escalation Vulnerability

Feb 26, 2004 12:29AM PST

Due to a vulnerability in Dell TrueMobile's systray applet, the applet's inability to drop SYSTEM privileges when it tries to show the help file, a local attacker can gain administrative/SYSTEM privileges.

Vulnerable Systems:
* Windows XP and Dell TrueMobile 1300 WLAN Mini-PCI Card Utility Tray Applet version 3.10.39.0

The SYSTEM rights are not dropped when accessing the Dell TrueMobile Wireless Help from the systray applet. By right clicking and choosing Help -> Help Files and then from the help; Jump to URL C:\WINDOWS\SYSTEM32\CMD.EXE, gives you SYSTEM privileges. You can also gain SYSTEM privileges by right clicking and choosing Help -> About. By clicking on a link, Internet Explorer will start with SYSTEM privileges. Programs started from the web browser do not get their privileges dropped.

http://www.securiteam.com/windowsntfocus/5JP0N1PC0M.html

Discussion is locked