The second flaw, it seems, is not a big security issue.
What's right for Google is not always right for customers.
We urge Google to make protection of customers our collective primary goal.
Both of the vulnerabilities are reproduced below:
Issue No.
The check is done in the PopUserIsAdmin function.
On Windows 8+ the SeTokenIsAdmin method has been changed to check for the impersonation level, so it's not vulnerable.
It isn't clear if this has a serious security impact or not, therefore it's being disclosed as is.
For PoC purposes I've chosen to use function 45 PopRequestPowerListInfo (which doesn't require any special tricks).
Attached is a simple PoC which demonstrates the issue for execution on Windows 7.
To reproduce, follow the steps.
Attached is a simple PoC which demonstrates the issue.
To reproduce, follow the steps.
source: www.techworm.net