|
|
| |
| mIRC's DDE (Dynamic Data Exchange) support contains a vulnerability that allows lower-privileged programs to execute commands at higher-privileges whenever the mIRC has been enabled to support DDE and whenever it is executed at higher-privileges (Example, an administrator running an mIRC DDE server, and a guest user accessing it). |
| |
Credit:
The information has been provided by Shustrik .
|
| |
A security vulnerability has been found in mIRC's DDE feature, which allows DDE messaging between its instances and other software. Under a multi-user system (such as Windows 2000 Professional), the feature causes a security vulnerability.
To recreate the problem do the following:
1) Launch one copy of mIRC with an enabled DDE Server under an Administrative account.
2) Launch another one under a Guest account using the RunAs service.
3) Write /DDE mIRC command "" /run c:\program files\internet explorer\iexplore.exe in the second (Guest) client.
4) Internet Explorer will be launched under the administrative account.
This enables different users sharing one machine to overtake each other's accounts if mIRC is running with a DDE Server (this option is enabled by default).
|
|
|
