IBM Remote Control Software 1.0 - Code Execution

EDB-ID:

19227




Platform:

Windows

Date:

1999-05-10


source: https://www.securityfocus.com/bid/284/info

The IBM Remote Control Software package requires a client module to be loaded on NT hosts to be remotey controlled. This client module is loaded as an NT service and must run under either the local system account or the user context of a user account having administrative privileges.

It has been discovered that this service may be exploited by a local user level account to execute code with administrator privileges. This vulnerability would allow a user (with no admin rights) to execute programs that might allow them to elevate their privileges to that of an administrator. 

Open the Netfinity client. Launch the Process Manager. From the Process Manager interface, launch arbitrary code. usrmgr.exe, musrmgr.exe, regedt32.exe, etc. may be launched and be used by the user level account to grant administrator privileges to any account on the host (or domain).