On 2006-12-05 eugeny gladkih wrote: >> "MS" == Michael Scheidell <scheidell@xxxxxxxxxx> writes: >>> we've found local privilege escalation in Symantec LiveState agent. >>> >>> PoC: >>> >>> 1. kill shstart.exe process >> >> Wouldn't you have to be administrator to kill shstart.exe? > > LocalSystem account has more privilegies then administrator's one. So? As an administrator you can gain SYSTEM privileges at any time. This behaviour is by design. Regards Ansgar Wiechers -- "All vulnerabilities deserve a public fear period prior to patches becoming available." --Jason Coombs on Bugtraq
