[Full-disclosure] [Windows XP] possible privilege escalation

Hello,

I've encountered twice a strange problem on my Windows XP SP2 (fully
patched) box.

I have 2 separate accounts on my personal system : Administrator (for
administrative tasks only) and simple user (for common everyday
tasks), for security and system integrity reasons.

Today, being logged in the simple user account and having Windows
Media Player launched, I executed an installation executable file
(from Microsoft) as Administrator using "Execute as..." entry in the
contextual menu. The application was successfuly installed. Later, I
tried to close Windows Media Player, the window was closed but the
music was still playing. I looked in the Task Manager in order to
force quit WMP, but to my surprise the task (wmplayer.exe) did not
belong to me ("simple user"), but to Administrator (It's worth
mentioning that the Administrator account was not open at that moment
- as it is possible with User Fast Switching, so no other instance of
WMP was running.)

This happened to me once before, with the same conditions (including
running an installation app using "Execute as..."), but I couldn't
reproduce the issue "manually".


Best regards,


--
Pif

_________________________________________________________________
Ne cherchez plus, trouvez ! Avec le nouveau MSN Search. 
http://search.msn.fr/

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/