If the oplock is set, the cmd window that gets opened when pdf24-PrinterInstall.exe is executed doesn't close. SetOpLock.exe "C:\Program Files\PDF24\faxPrnInst.log" r To do that, one can use the 'SetOpLock.exe' tool from "" with the following parameters: This can be used by an attacker by simply setting an oplock on the file as soon as it gets read. SEC Consult Vulnerability Lab Security Advisory = title: Local Privilege Escalation via MSI installer product: PDF24 Creator (geek Software GmbH) vulnerable version: \pdf24-creator-11.14.0-圆4.msiĪt the very end of the repair process, the sub-process pdf24-PrinterInstall.exe gets called with SYSTEM privileges and performs a write action on the file "C:\Program Files\PDF24\faxPrnInst.log".
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |