Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline

mdaemon72.txt

๐Ÿ—“๏ธย 11 Dec 2004ย 00:00:00Reported byย Reed ArvinTypeย 
packetstorm
ย packetstorm๐Ÿ”—ย packetstormsecurity.com๐Ÿ‘ย 22ย Views

Privilege escalation flaw in MDaemon 7.2 allows SYSTEM access via tray icon interaction.

Show more
Code
`Summary:  
A privilege escalation flaw exists in MDaemon 7.2 (http://www.mdaemon.com).  
  
Details:  
A privilege escalation technique can be used to gain SYSTEM level  
access while interacting with the MDaemon tray icon.  
  
Vulnerable Versions:  
MDaemon 7.2  
  
Solutions:  
The vendor was notified of the issue. There was no response.  
  
Exploit:  
1. Double click on the mail icon in the Taskbar to open the Alt-N  
MDaemon Pro window.  
2. Click File, click New  
3. Notepad should open. In Notepad click File, click Open  
4. In the Files of type: field choose All Files  
5. Navagate to %WINDIR%\System32\  
6. Right click cmd.exe and choose Open  
7. A new command shell will open with SYSTEM privileges  
  
Discovered by Reed Arvin reedarvin[at]gmail[dot]com  
  
`

Transform Your Security Services

Elevate your offerings with Vulners' advanced Vulnerability Intelligence. Contactย us for a demo andย discover the difference comprehensive, actionable intelligence can make in your security strategy.

Book a live demo
11 Dec 2004 00:00Current
7.4High risk
Vulners AI Score7.4
privilege escalationmdaemon version 7.2system level accessvendor notificationexploit steps
22
.json
Report