Closed GoogleCodeExporter closed 9 years ago
Original comment by fors...@google.com
on 29 Aug 2014 at 2:22
Original comment by fors...@google.com
on 11 Nov 2014 at 6:17
Original comment by fors...@google.com
on 12 Nov 2014 at 11:05
MS bulletin: https://technet.microsoft.com/library/security/MS14-071
Original comment by cev...@google.com
on 20 Nov 2014 at 1:09
This vulnerability is exploitable through the Windows API "MessageBox",
because MessageBox will call MessageBeep. In win32k.sys, MessageBeep will
call the RPC whose endpoint is the taskhost process, and the taskhost process
runs at medium integrity level. The taskhost process will call the RPC (whose
endpoint is audiosrv) to write the registry key.
Original comment by progm...@gmail.com
on 26 Mar 2015 at 3:06
Very interesting analysis, thanks. I assumed there was probably a way of
exploiting without a prompt, but I didn't think it was worth the effort to go
through the process of finding it.
Original comment by fors...@google.com
on 26 Mar 2015 at 8:01
Original issue reported on code.google.com by
fors...@google.com
on 25 Aug 2014 at 5:34