header-logo
Suggest Exploit
vendor:
Mailtraq
by:
Unknown
5.5
CVSS
MEDIUM
Privilege Escalation
269
CWE
Product Name: Mailtraq
Affected Version From: Unknown
Affected Version To: Unknown
Patch Exists: NO
Related CWE:
CPE: a:mailtraq:mailtraq
Metasploit:
Other Scripts:
Platforms Tested: Windows
Unknown

Privilege Escalation in Mailtraq Administration Console

A local user can exploit the administration console interface in Mailtraq to escalate privileges. By double-clicking on the Mailtraq icon in the Taskbar, right-clicking in the right text pane and choosing View Source, and then opening cmd.exe with SYSTEM privileges, the user can launch a command prompt with elevated privileges.

Mitigation:

There is no known mitigation for this vulnerability.
Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/11708/info

Mailtraq allows a user to activate the Mailtraq administration console software by easily launching the software from an icon in the Windows system tray. It is reported that a local user may exploit the administration console interface to escalate privileges.

1. Double click on the Mailtraq icon in the Taskbar
2. Right click in the right text pane and choose View Source
3. Notepad should open. Click File, click Open
4. In the Files of type: field choose All Files
5. Navagate to '%WINDIR%\System32'. Right click on 'cmd.exe' and choose Open
7. A command prompt will launch with SYSTEM privileges