Vigil@nce - Windows: privilege escalation via Audio Service
November 2014 by Vigil@nce
This bulletin was written by Vigil@nce : http://vigilance.fr/offer
SYNTHESIS OF THE VULNERABILITY
A local attacker can use Audio Service of Windows, in order to
escalate his privileges.
Impacted products: Windows 2008 R0, Windows 2008 R2, Microsoft
Windows 2012, Windows 7, Windows 8, Windows RT, Windows Vista
Severity: 2/4
Creation date: 12/11/2014
DESCRIPTION OF THE VULNERABILITY
The Windows Audio Service can call scripts.
However, is some cases, these scripts are called with elevated
privileges. This vulnerability can for example be used by a
vulnerability of IE, to execute code with user’s privileges.
A local attacker can therefore use Audio Service of Windows, in
order to escalate his privileges.
ACCESS TO THE COMPLETE VIGIL@NCE BULLETIN
http://vigilance.fr/vulnerability/Windows-privilege-escalation-via-Audio-Service-15617