[Full-Disclosure] Process Killing - Playing with PostThreadMessage
Georgi Guninski
guninski at guninski.com
Thu Oct 2 11:30:22 BST 2003
On Thu, 2 Oct 2003 17:28:14 +1200
"Brett Moore" <brett.moore at security-assessment.com> wrote:
>
> It appears from our testing that any thread running under any security
> level will accept a WM_QUIT message, causing the process to terminate.
>
...
> While this does not have the security implications of 'privilege escalation'
> attacks, it may cause some concerns under certain circumstances.
>
In some circumstances this probably may be used for privilege escalation.
In windoze a process may escalate its privileges if a more privileged process writes to its named pipes. So if you manage to kill a process which holds important named pipe, then create the same named pipe and then someone writes to your named pipe you may elevate your privileges.
You may check http://www.guninski.com/dr07.html for an old demo.
georgi
Full-Disclosure is hosted and sponsored by Secunia.