Tuesday, June 19, 2007

Symantec Device Driver Elevation of Privilege

Hi
Norton Antivirus Engine is prone to a local privilege escalation vulnerability, which could be
exploited by local users in order to execute code with SYSTEM privileges.
Two device drivers are affected: NAVEX15.sys, NAVENG.sys.
Thanks fly to Santamarta.
Posted by REM at 13:39:50

NDIS-TDI Hooking Engine Drivers Privilege Escalation

Hi
The new section is coming: ADVISORY.
So, for the first of this topic :)
List of exploitable SSDT entries (Windows XP / KAV 7.0.0.55)

==========================================
| [Idx] | [function name]                |
==========================================
| [41 ] | NtCreateKey                    |
| [47 ] | NtCreateProcess                |
| [48 ] | NtCreateProcessEx              |
| [50 ] | NtCreateSection                |
| [52 ] | NtCreateSymbolicLinkObject     |
| [53 ] | NtCreateThread                 |
| [65 ] | NtDeleteValueKey               |
| [99 ] | NtLoadKey2                     |
| [119] | NtOpenKey                      |
| [122] | NtOpenProcess                  |
| [125] | NtOpenSection                  |
| [177] | NtQueryValueKey                |
==========================================
Calls to these functions with wrong parameters will lead to an immediate BSOD.

NDIS-TDI Hooking Engine Drivers Privilege Escalation
Kaspersky Products
[ Medium ]
Kaspersky products are prone to a local privilege escalation. Unprivileged
users can exploit this flaw in order to execute arbitrary code with kernel
privileges.
Kaspersky implements its NDIS-TDI Hooking Engine using two drivers, which rely
on an internal system of plugins. Plugin registration is performed using a
privileged IOCTL. The security descriptor for both devices is insecure, so any
user can take advantage of this "hidden" feature.
By Ruben Santamarta
Posted by REM at 13:29:14
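
The condition the advisory describes, a device object whose security descriptor lets any user open it, can be audited from the descriptor's SDDL string. The following is an added example, not code from the advisory or from any vendor: it parses the DACL and reports allow ACEs that give unprivileged principals write-capable access. The device names and SDDL strings are constructed placeholders, since the page does not give the real ones.

```python
import re

# SDDL SID aliases that cover unprivileged local users.
LOW_PRIV = {"WD": "Everyone", "AU": "Authenticated Users",
            "BU": "Builtin Users", "IU": "Interactive", "AN": "Anonymous"}
# SDDL rights aliases mapped to access-mask bits.
RIGHTS = {"GA": 0x10000000, "GX": 0x20000000, "GW": 0x40000000, "GR": 0x80000000,
          "FA": 0x1F01FF, "FR": 0x120089, "FW": 0x120116, "FX": 0x1200A0,
          "SD": 0x10000, "RC": 0x20000, "WD": 0x40000, "WO": 0x80000,
          "CC": 0x1, "DC": 0x2, "LC": 0x4, "SW": 0x8, "RP": 0x10,
          "WP": 0x20, "DT": 0x40, "LO": 0x80, "CR": 0x100}
# FILE_WRITE_DATA | FILE_APPEND_DATA | WRITE_DAC | WRITE_OWNER | GENERIC_WRITE | GENERIC_ALL
WRITE_BITS = 0x2 | 0x4 | 0x40000 | 0x80000 | 0x40000000 | 0x10000000

def parse_mask(rights):
    """Convert an SDDL rights field (hex mask or alias string) to an int."""
    if rights.lower().startswith("0x"):
        return int(rights, 16)
    mask = 0
    for i in range(0, len(rights), 2):
        mask |= RIGHTS[rights[i:i + 2]]  # KeyError for an alias not in the table
    return mask

def risky_aces(sddl):
    """Return [(principal, write_bits_granted)] for unprivileged principals."""
    m = re.search(r"D:([A-Z_]*)((?:\([^)]*\))*)", sddl)
    if m is None or "NO_ACCESS_CONTROL" in m.group(1):
        return [("Everyone", WRITE_BITS)]  # NULL DACL: every request is allowed
    denied, found = {}, []
    for ace in re.findall(r"\(([^)]*)\)", m.group(2)):
        ace_type, _flags, rights, _obj, _inh, sid = ace.split(";")[:6]
        mask = parse_mask(rights)
        if ace_type == "D":  # earlier deny ACEs for the same SID win
            denied[sid] = denied.get(sid, 0) | mask
        elif ace_type == "A" and sid in LOW_PRIV:
            granted = mask & WRITE_BITS & ~denied.get(sid, 0)
            if granted:
                found.append((LOW_PRIV[sid], granted))
    return found

# Constructed samples; the device names are hypothetical placeholders.
SAMPLES = {
    r"\Device\ExampleHookA": "O:BAG:SYD:P(A;;FA;;;SY)(A;;FA;;;BA)(A;;FA;;;WD)",
    r"\Device\ExampleHookB": "O:BAG:SYD:P(A;;FA;;;SY)(A;;FA;;;BA)(A;;FR;;;BU)",
}

if __name__ == "__main__":
    for name, sddl in SAMPLES.items():
        for who, bits in risky_aces(sddl):
            print(f"{name}: {who} granted write bits {bits:#x}")
```

Deny ACEs are matched per SID only and group membership is not resolved, so a clean result is a first pass rather than a full access check.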