VULHUB ™

It has been reported that it is possible for attackers with desktop access to elevate to these privileges through an access validation error in Ultr@VNC. The vulnerability that is present is due to the use of the Win32 API call ShellExecute() to create a browser window. Privileges are not lowered before the IEXPLORE.EXE process is created and, consequently, the Explorer window will inherit administrative privileges. A malicious user may then use the SYSTEM level instance of Explorer to navigate the local filesystem and execute arbitrary programs.

It has been reported that it is possible for attackers with desktop access to elevate to these privileges through an access validation error in Ultr@VNC. The vulnerability that is present is due to the use of the Win32 API call ShellExecute() to create a browser window. Privileges are not lowered before the IEXPLORE.EXE process is created and, consequently, the Explorer window will inherit administrative privileges. A malicious user may then use the SYSTEM level instance of Explorer to navigate the local filesystem and execute arbitrary programs.