The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a database and tools to fix them.
Windows: privilege elevation via DebugView
Summary of the vulnerability
A local attacker can obtain administrator privileges by using the Dbgv.sys driver.
Vulnerable products: Windows (platform) ~ not comprehensive.
Severity of this weakness: 1/4.
Consequences of a hack: administrator access/rights.
Hacker's origin: user shell.
Creation date: 07/11/2007.
References of this bulletin: BID-26359, CVE-2007-4223, VIGILANCE-VUL-7314.
Description of the vulnerability
The Microsoft Sysinternals DebugView program displays debug messages generated on the system.
When an administrator runs DebugView, it installs the Dbgv.sys driver, which becomes reachable by all users on the system.
However, this driver does not check the ioctls it receives, which makes it possible to corrupt memory.
A local attacker can therefore elevate their privileges once DebugView has been executed on the system.
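Because exposure depends on whether DebugView has been run on a host, a defender can check a driver inventory for Dbgv.sys. The following is an added example, not part of the original bulletin: it assumes the inventory was collected with `driverquery /v /fo csv` on an English-language Windows (column names "Module Name", "State"), and the sample rows, module names and paths are constructed for illustration.

```python
import csv
import io
import subprocess
import sys

DRIVER_FILE = "dbgv.sys"  # driver named in the bulletin, compared case-insensitively

# Constructed sample shaped like `driverquery /v /fo csv` output (columns trimmed;
# module names and paths are invented for illustration).
SAMPLE = r'''"Module Name","Display Name","State","Path"
"ExampleFs","Example FS driver","Running","C:\Windows\system32\drivers\examplefs.sys"
"ExampleDbg","Example debug capture","Running","\??\C:\Windows\system32\drivers\Dbgv.sys"
"ExampleOld","Example stopped driver","Stopped","C:\Windows\system32\drivers\notdbgv.sys"
'''


def find_debugview_driver(csv_text):
    """Return [(module, state, path)] for rows whose driver file is Dbgv.sys."""
    hits = []
    for row in csv.DictReader(io.StringIO(csv_text)):
        for value in row.values():
            if not isinstance(value, str):
                continue  # short rows yield None, long rows yield a list
            # Compare the file name only, so "notdbgv.sys" is not a match.
            basename = value.replace("/", "\\").rsplit("\\", 1)[-1].lower()
            if basename == DRIVER_FILE:
                hits.append((row.get("Module Name", "?"), row.get("State", "?"), value))
                break
    return hits


if __name__ == "__main__":
    if sys.platform == "win32":
        text = subprocess.run(["driverquery", "/v", "/fo", "csv"],
                              capture_output=True, text=True, check=True).stdout
    else:
        text = SAMPLE  # offline demonstration on the constructed rows
    for module, state, path in find_debugview_driver(text):
        print(f"Dbgv.sys present: module={module} state={state} path={path}")
```

A hit with any state means the driver is registered on the host; the match is on the file name in any column, so it still works when the column headers are localized (module and state then print as "?").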