IE sandbox elevation of privilege vulnerability: CVE-2015-0016 analysis

ID MYHACK58:62201558565
Type myhack58
Reporter Anonymous
Modified 2015-01-30T00:00:00


This month's Microsoft "Patch Tuesday" release included the MS15-004 patch, which fixes a vulnerability that could allow elevation of privilege (CVE-2015-0016). This is a very rare IE sandbox vulnerability, and Trend Micro researchers have analyzed it in detail.

Patch details

The vulnerability is in the TSWbPrxy.exe module. TSWbPrxy.exe is an ActiveX control, the Microsoft Remote Desktop Services Web Proxy program. First, I used the IDA plugin patchdiff2 to view what the patch modified; the modification is in the function CTSWebProxy::StartRemoteDesktop.

I used OleView to load TSWbPrxy.exe and view the definition of CTSWebProxy::StartRemoteDesktop.


StartRemoteDesktop definition

I found that StartRemoteDesktop takes two parameters, both related to mstsc.exe, the Remote Desktop program.

bstrMstsc: mstsc.exe file path
bstrArguments: mstsc.exe parameters
