Dell TrueMobile 1300 WLAN System Tray Applet Local Privilege Escalation Vulnerability
BID:9714
Info
Dell TrueMobile 1300 WLAN System Tray Applet Local Privilege Escalation Vulnerability
| Bugtraq ID: | 9714 |
| Class: | Design Error |
| CVE: | |
| Remote: | No |
| Local: | Yes |
| Published: | Feb 22 2004 12:00AM |
| Updated: | Feb 22 2004 12:00AM |
| Credit: | Disclosure of this issue is credited to Ian Vitek. |
| Vulnerable: |
Dell TrueMobile 1300 WLAN Mini-PCI Card Utility 3.10.39 .0 |
| Not Vulnerable: | |
Discussion
Dell TrueMobile 1300 WLAN System Tray Applet Local Privilege Escalation Vulnerability
It has been reported that a privilege escalation vulnerability exists in the Dell TrueMobile 1300 Wireless System Tray Applet. The issue is due to the software starting with SYSTEM privileges, to enable access to the wireless hardware, and subsequently failing to drop them.
This may allow a local attacker to manipulate the GUI of the vulnerable application to spawn arbitrary processes with the privileges of the affected process.
Although only version 3.10.39.0 of the utility has been reported vulnerable, it is likely that other versions are prone as well.
It has been reported that a privilege escalation vulnerability exists in the Dell TrueMobile 1300 Wireless System Tray Applet. The issue is due to the software starting with SYSTEM privileges, to enable access to the wireless hardware, and subsequently failing to drop them.
This may allow a local attacker to manipulate the GUI of the vulnerable application to spawn arbitrary processes with the privileges of the affected process.
Although only version 3.10.39.0 of the utility has been reported vulnerable, it is likely that other versions are prone as well.
Exploit / POC
Dell TrueMobile 1300 WLAN System Tray Applet Local Privilege Escalation Vulnerability
No exploit is required to leverage this issue. The following proof of concept has been provided:
After launching the affected application, right click in the application window and choose Help -> Help Files and then from the help; Jump to URL C:\WINDOWS\SYSTEM32\CMD.EXE
After launching the affected application, right click in the application window and choose Help -> About. By clicking on a link, Internet Explorer will start with SYSTEM privileges.
No exploit is required to leverage this issue. The following proof of concept has been provided:
After launching the affected application, right click in the application window and choose Help -> Help Files and then from the help; Jump to URL C:\WINDOWS\SYSTEM32\CMD.EXE
After launching the affected application, right click in the application window and choose Help -> About. By clicking on a link, Internet Explorer will start with SYSTEM privileges.
Solution / Fix
Dell TrueMobile 1300 WLAN System Tray Applet Local Privilege Escalation Vulnerability
Solution:
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected] <mailto:[email protected]>.
Solution:
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected] <mailto:[email protected]>.
References
Dell TrueMobile 1300 WLAN System Tray Applet Local Privilege Escalation Vulnerability
References:
References:
- Vendor Homepage (Dell)