Re: [Full-disclosure] [Windows XP] possible privilege escalation

Subject: Re: [Full-disclosure] [Windows XP] possible privilege escalation
Date: Tue, 31 May 2005 17:22:02 -0400
Pif Gadget wrote:

>> are you sure you didn't launch wmplayer from the setup process (something
>> like: start wmplayer when setup is complete).
>
> Hmm, the setup program (.exe which runs an .msi) installs a classic "annoying" development app (the other day it was some Microsoft Office suite product). I doubt it would launch WMP for any reason, if it's what you meant.
> To get rid of the doubt, I just retried the installation process being logged in as Admin, and nope, it didn't launch WMP.

Just guessing here, but is it possible that the setup program could have tried to take ownership of the running process in order to ensure that an installation started in this way would complete successfully?


I'm not sure precisely how this could be done or that it would have been done in this package, but it makes the most sense out of any scenario that I can think of.

In either case, I'm not sure that it's a privilege escalation per se for the reason that it required you having the administrator account in the first place to be able to escalate the process' privileges. Where that could be dangerous is if an administrator got tricked into running an executable that escalated the privileges of a malicious program, but once you get them to run that type of code you've got other options available to you that will probably be easier to utilize. Not that I can't see this being used in nasty ways or anything...

            -Barry
