Microsoft Internet Explorer Filesystem Elevation of Privilege Vulnerability

2015-08-11T00:00:00
ID ZDI-15-378
Type zdi
Reporter Ashutosh Mehra (https://twitter.com/ashutoshmehra)
Modified 2015-11-09T00:00:00

Description

This vulnerability allows attackers to escalate privileges on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.

The specific flaw exists within the handling of junction points in the Favorites folder linked to other folders. An attacker running code in the context of a low-rights Internet Explorer process can set up a junction point in the Favorites folder and then the IE broker process will change access control rights in the targeted folders (which are normally unmodifiable by the low-rights process). An attacker can leverage this vulnerability to execute code under the context of a medium integrity process.