Vigil@nce - Windows: privilege escalation via LRPC Client
December 2013 by Vigil@nce
This bulletin was written by Vigil@nce : http://vigilance.fr/offer
SYNTHESIS OF THE VULNERABILITY
A local attacker can setup a malicious LRPC server to generate a
buffer overflow in the LRPC Client of Windows, in order to trigger
a denial of service, and possibly to escalate his privileges.
Impacted products: Windows 2003, Windows XP
Severity: 2/4
Creation date: 11/12/2013
DESCRIPTION OF THE VULNERABILITY
The LRPC (Local Remote Procedure Call) feature is used to
communicate with a local application via RPC, and using LPC to
transmit messages.
However, if the size of the LRPC/LPC message received by the LRPC
client is greater than the size of the storage array, an overflow
occurs.
A local attacker can therefore setup a malicious LRPC server to
generate a buffer overflow in the LRPC Client of Windows, in order
to trigger a denial of service, and possibly to escalate his
privileges.
ACCESS TO THE COMPLETE VIGIL@NCE BULLETIN
http://vigilance.fr/vulnerability/Windows-privilege-escalation-via-LRPC-Client-13932