VULHUB ™

The IBM Remote Control Software package requires a client module to be loaded on NT hosts to be remotey controlled. This client module is loaded as an NT service and must run under either the local system account or the user context of a user account having administrative privileges. It has been discovered that this service may be exploited by a local user level account to execute code with administrator privileges. This vulnerability would allow a user (with no admin rights) to execute programs that might allow them to elevate their privileges to that of an administrator.

The IBM Remote Control Software package requires a client module to be loaded on NT hosts to be remotey controlled. This client module is loaded as an NT service and must run under either the local system account or the user context of a user account having administrative privileges. It has been discovered that this service may be exploited by a local user level account to execute code with administrator privileges. This vulnerability would allow a user (with no admin rights) to execute programs that might allow them to elevate their privileges to that of an administrator.