ManipUni said:
Charles said:
*snip*

Take my scenario:
You're browsing a website, Adobe Reader has yet another bug in it, an advert on the site injects code into that process and starts executing as the current user. It then launched calculator escalates Adobe Reader and roots the entire system.

What would happen with UAC on full? While Adobe Reader could cause issues and attempt to inject its self into processes IN CASE they get escalated later, a more realistic scenario is that it would be greatly limited within its scope to cause damage. Simply because luck is required (the user escalates something) and it is a lot harder to write.

Interesting. So, it uses Calculator to escalate. Of course, it got on to the system to execute in context (I believe you used an exploit in an installed application as the doorway fo the exploit package). But, forget that for now. Can you elaborate on the UAC exploit pattern?

C