Re: UAC Bypass Vulnerability on "Windows 7" in Windows Script Host

[Rich Pieri]

On 8/26/15 8:09 PM, voz...@gmail.com wrote:
> Both ZDI and Microsoft are aware of this issue, expectedly ZDI didn't
> accept the admission because it's not a remote vulnerability.
> Surprisingly Microsoft didn't accept the vulnerability because "UAC
> isn't considered a security boundary".

UAC is not a security boundary. It's purpose is to annoy users in order
to force vendors to fix their bad code:

http://www.cnet.com/news/microsoft-vista-feature-designed-to-annoy-users/

-- 
Rich Pieri 
MIT Laboratory for Nuclear Science

Re: [Full-disclosure] pidgin OTR information leakage

[Rich Pieri]

On Feb 27, 2012, at 2:37 PM, Michele Orru wrote:
> I think you didn't understood the content of the advisory.
> If there are 10 non-root users in an Ubuntu machine for example,
> if user 1 is using pidgin with OTR compiled with DBUS, then user 2 to 10
> can see what user 1 pidgin conversation.


This is not what the OP or CVE describe:

>> plaintext. This makes it possible for attackers that have gained 
>> user-level access on a host, to listen in on private conversations 
>> associated with the victim account.

Which I read as: if I compromise user1's account then I can snoop user1's DBUS 
sessions.  It says nothing about me being able to snoop user2's sessions.  The 
leading phrase about attackers gaining user-level access implies that 
legitimate users on a system are not a relevant issue.

I believe that clarification is in order.

-- 
Rich Pieri 
MIT Laboratory for Nuclear Science