Viscosity 1.6.7 – Local Privilege Escalation

Exploit Database
92 阅读

作者： Kacper Szurek

日期： 2017-01-31
类别：
- local
平台：
- windows
来源：https://www.exploit-db.com/exploits/41207/

# Exploit Title: Viscosity for Windows 1.6.7 Privilege Escalation
# Date: 31.01.2017
# Software Link: https://www.sparklabs.com/
# Exploit Author: Kacper Szurek
# Contact: https://twitter.com/KacperSzurek
# Website: https://security.szurek.pl/
# Category: local
 
1. Description

It is possible to execute openvpn with custom dll as SYSTEM using ViscosityService because path is not correctly validated. 

https://security.szurek.pl/viscosity-for-windows-167-privilege-escalation.html

2. Proof of Concept

https://gitlab.com/exploit-database/exploitdb-bin-sploits/-/raw/main/bin-sploits/41207.zip

3. Solution

Update to version 1.6.8

https://www.sparklabs.com/blog/viscosity-for-mac-windows-version-1-6-8/

last Exploits
Viscosity 1.6.7 – Local Privilege Escalation的更多信息

A-PDF All to MP3 Converter 2.0.0 – ‘.wav’ Local Buffer Overflow (SEH)：
MikeyZip 1.1 – ‘.zip’ Local Buffer Overflow：
Microsoft Exchange Mailbox Assistants 15.0.847.40 – ‘Service MSExchangeMailboxAssistants’ Unquoted Service Path：
AnvSoft Any Video Converter 4.3.6 – Local Stack Overflow：
Calibre E-Book Reader – Local Privilege Escalation (2)：
Nginx (Debian Based Distros + Gentoo) – ‘logrotate’ Local Privilege Escalation：
Microsoft Windows Defender / Trojan.Win32/Powessere.G – Detection Mitigation Bypass：
Any Sound Recorder 2.93 – Buffer Overflow Local (SEH) (Metasploit)：