Microsoft Windows WMI Service Isolation Local Privilege Escalation Vulnerability

Vulnerability ID: 1117574
Vulnerability type: Permissions, privileges and access control
Published: 2009-04-14
Updated: 2009-04-17
CVE: CVE-2009-0078
CNNVD ID: CNNVD-200904-274
Platform: Windows
CVSS score: 7.2
|Vulnerability source
https://www.exploit-db.com/exploits/32891
https://www.securityfocus.com/bid/34442
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200904-274
|Vulnerability details
Microsoft Windows is a family of operating systems released by Microsoft Corporation (USA). Windows Management Instrumentation (WMI) providers do not correctly isolate processes running under the NetworkService or LocalService accounts: two independent processes running under the same account have full access to each other's resources, such as file handles and registry keys. Under certain conditions the WMI provider host process holds a SYSTEM token. If an attacker can access the computer as NetworkService or LocalService, the attacker can execute code that searches for a WMI provider host process holding a SYSTEM token; once such a token is found, SYSTEM-level privilege escalation is possible.
|Vulnerability EXP
source: http://www.securityfocus.com/bid/34442/info

Microsoft Windows is prone to a privilege-escalation vulnerability.

Successful exploits may allow attackers to elevate their privileges to LocalSystem, which would facilitate the complete compromise of affected computers.

The issue affects the following:

Windows XP SP2
Windows Server 2003
Windows Vista
Windows Server 2008

https://github.com/offensive-security/exploit-database-bin-sploits/raw/master/bin-sploits/32891.zip
|Affected products
Microsoft Windows XP Tablet PC Edition SP3
Microsoft Windows XP Tablet PC Edition SP2
Microsoft Windows XP Tablet PC Edition SP1
Microsoft Windows XP Tablet PC Edition
Microsoft Windows
|References

Source: US-CERT
Name: TA09-104A
Link: http://www.us-cert.gov/cas/techalerts/TA09-104A.html
Source: MS
Name: MS09-012
Link: http://www.microsoft.com/technet/security/Bulletin/MS09-012.mspx
Source: VUPEN
Name: ADV-2009-1026
Link: http://www.vupen.com/english/advisories/2009/1026
Source: SECTRACK
Name: 1022044
Link: http://www.securitytracker.com/id?1022044
Source: OSVDB
Name: 53666
Link: http://osvdb.org/53666