BetaArchive Logo
Navigation Home Screenshots Image Uploader Server Info FTP Servers Wiki Forum RSS Feed Rules Please Donate
UP: 57d, 15h, 57m | CPU: 15% | MEM: 5727MB of 10488MB used
{The community for beta collectors}

Forum rules


Any off topic discussions should go in this forum. Post count is not increased by posting here.
FTP Access status is required to post in this forum. Find out how to get it


Post new topic Reply to topic  [ 9 posts ] 
Author Message
 PostPost subject: Exploit code for Windows 7 injection vulnerability (7000)        Posted: Fri Jun 12, 2009 9:29 pm 
Reply with quote
Staff
User avatar
Offline

Joined
Sun Apr 12, 2009 11:22 pm

Posts
703

Location
/dev/urandom

Favourite OS
W7x64, OSX
An exploit code for Windows 7's UAC code injection vulnerability has been publicly released. I am unaware of where it has been released, however. 8-)

"Since MS say this is such a non-issue and have ignored my offers to give them the full details for over four months they can't mind me posting the app, source code and full details in public."

"...As the malicious code executed could silently elevate itself to have much more free reign over the system than before. If this isn’t enough indication that the default security policy in 7 is worse than Vista, than I don’t know what is."

http://www.istartedsomething.com/20090613/windows-7-uac-code-injection-vulnerability-video-demonstration-source-code-released/

And also;

http://leo.lss.com.au/W7E_VID_INT/W7E_VID_INT.htm

_________________
Web developer, part-time moderator, full-time CSS wizard.


Top  Profile
 PostPost subject: Re: Exploit code for Windows 7 injection vulnerability (7000)        Posted: Sat Jun 13, 2009 12:54 am 
Reply with quote
Staff
User avatar
Offline

Joined
Thu Oct 23, 2008 3:25 am

Posts
2688

Location
Earth.

Favourite OS
Real Life
If you didn't hear though, MS removed rundll32.exe and mmc.exe from the autoelevate list, that might be why they aren't responding, because it is fixed...

_________________
Visit my BLOG!
Wanna play a fun browser based game that plays while you're away? Click here.


Top  Profile  WWW  YIM
 PostPost subject: Re: Exploit code for Windows 7 injection vulnerability (7000)        Posted: Sat Jun 13, 2009 3:44 am 
Reply with quote
Donator
User avatar
Offline

Joined
Fri Jun 13, 2008 10:22 am

Posts
2366
This guy claims that his software will let you execute anything at admin level through code injection using any of the white-listed processes, regardless of whether or not they are run as admin.


Top  Profile
 PostPost subject: Re: Exploit code for Windows 7 injection vulnerability (7000)        Posted: Sat Jun 13, 2009 5:00 am 
Reply with quote
Donator
User avatar
Offline

Joined
Thu Oct 30, 2008 3:07 am

Posts
1252

Location
Los Angeles, California

Favourite OS
Windows 7 x64
QuiescentWonder wrote:
This guy claims that his software will let you execute anything at admin level through code injection using any of the white-listed processes, regardless of whether or not they are run as admin.

Any chance you can download this tool? If it is release to the masses, Microsoft will have to fix it for sure.

EDIT: It's available here in both x86 and x64 version: http://www.pretentiousname.com/misc/Win7ElevateV2.zip

_________________
Never leave home without PeerBlock, or you might not return at all.


Top  Profile
 PostPost subject: Re: Exploit code for Windows 7 injection vulnerability (7000)        Posted: Sat Jun 13, 2009 5:32 am 
Reply with quote
Donator
User avatar
Offline

Joined
Fri Jun 13, 2008 10:22 am

Posts
2366
Yeah, it opened a command prompt as Administrator on my machine through Explorer without prompting me once. It also worked on DWM and rundll32. This is all on a 64-bit install of 7201.

So, just like they claim, it basically makes UAC worthless at the default level on Windows 7.


Top  Profile
 PostPost subject: Re: Exploit code for Windows 7 injection vulnerability (7000)        Posted: Sat Jun 13, 2009 9:54 am 
Reply with quote
Staff
User avatar
Offline

Joined
Sun Apr 12, 2009 11:22 pm

Posts
703

Location
/dev/urandom

Favourite OS
W7x64, OSX
'Tis quite a shame, really. The UAC is built in with good intentions... But now this is out, I think Microsoft really need to re-think what's going on with it.

If this app can elevate any program, and elevate itself... Then disabling self-elevation would be a good place to start, no?

_________________
Web developer, part-time moderator, full-time CSS wizard.


Top  Profile
 PostPost subject: Re: Exploit code for Windows 7 injection vulnerability (7000)        Posted: Sat Jun 13, 2009 12:05 pm 
Reply with quote
Administrator
User avatar
Offline

Joined
Tue Feb 12, 2008 5:28 pm

Posts
7462
Or they just fix the bug.... there's a reason why Windows 7 has not gone final yet, not everything has been fixed yet :). However I am sure Microsoft knows about the issue by now and they will fix it, one way or another.

_________________
Image
Official guidelines: The Definitive Guide to BetaArchive :: Abandonware
Tools: Alcohol120% (Portable)
Listings: BetaArchive Database (beta)
Channels: Discord :: Twitter


Top  Profile  WWW
 PostPost subject: Re: Exploit code for Windows 7 injection vulnerability (7000)        Posted: Sat Jun 13, 2009 3:31 pm 
Reply with quote
Donator
User avatar
Offline

Joined
Thu Oct 30, 2008 3:07 am

Posts
1252

Location
Los Angeles, California

Favourite OS
Windows 7 x64
Just another reason to turn UAC off completely. It's a worthless dump.

_________________
Never leave home without PeerBlock, or you might not return at all.


Top  Profile
 PostPost subject: Re: Exploit code for Windows 7 injection vulnerability (7000)        Posted: Sat Jun 13, 2009 9:49 pm 
Reply with quote
Donator
User avatar
Offline

Joined
Thu Aug 24, 2006 8:03 am

Posts
1115

Location
Germany
no, set the slider to top!

Disabling is much more stupid!

@pizzaboy192

no, it is NOT fixed!

_________________
"Theory is when you know something, but it doesn't work. Practice is when something works, but you don't know why. Programmers combine theory and practice: Nothing works and they don't know why."


Top  Profile
Display posts from previous:  Sort by  
Post new topic Reply to topic  [ 9 posts ] 




Who is online

Users browsing this forum: No registered users and 5 guests


You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum

Jump to:  

All views expressed in these forums are those of the author and do not necessarily represent the views of the BetaArchive site owner.

Powered by phpBB® Forum Software © phpBB Group

Copyright © 2006-2018

 

Sitemap | XML | RSS