Hi @ll,
in http://seclists.org/fulldisclosure/2013/Sep/132 I showed a
elaborated way for privilege elevation using IExpress (and other
self-extracting) installers containing *.MSI or *.MSP which works
in certain situations.
The same IExpress installer(s) but allow a TRIVIAL to exploit
privilege
Advisory ID: HTB23173
Product: GLPI
Vendor: INDEPNET
Vulnerable Version(s): 0.84.1 and probably prior
Tested Version: 0.84.1
Advisory Publication: September 11, 2013 [without technical details]
Vendor Notification: September 11, 2013
Vendor Patch: September 12, 2013
Public Disclosure: October
Advisory ID: HTB23171
Product: Gnew
Vendor: Raoul Proença
Vulnerable Version(s): 2013.1 and probably prior
Tested Version: 2013.1
Advisory Publication: August 28, 2013 [without technical details]
Vendor Notification: August 28, 2013
Public Disclosure: October 2, 2013
Vulnerability Type: PHP