Geeks With Blogs
Welcome to Geeks with Blogs
Shawn Cicoria
News




Post Categories
Archives
INauseous() Shawn Cicoria - Solution Architect, Craftsman and Artisan - INauseous() - Main Blog Here: www.Cicoria.com
<< Files: .NET Framework 3.0 training kit for WF, WCF and CardSpace | Home | UN urged to take out asteroid soon | NEWS.com.au >>
Windows Vista UAC and UIPI falls short.

The Shatter Attack potential is still present with Vista.  Something that you'd think was not possible is still present in Vista.

The ability to enumerate windows running in a session, get a handle to that window and send it windows messages, such as WM_KEYDOWN, is still possible from a lower privlege process to a higher privelege process.

So, a low privlege process could search all the windows, find say perhaps a CMD prompt running as adminstrator, then send a buch of keystrokes to it to execute an elevated command.

That's a big hole. 

Link to invisiblethings' blog: Running Vista Every Day!

Posted on Sunday, February 18, 2007 10:35 AM | Back to top


Comments on this post: Windows Vista UAC and UIPI falls short.

Comments are closed.
Comments have been closed on this topic.
Copyright © Shawn Cicoria | Powered by: GeeksWithBlogs.net


Popular Posts on Geeks with Blogs 0
Geeks With Blogs Content Categories ASP.Net SQL Server Apple Google SharePoint Windows Visual Studio Team Foundation Server Agile Office Design Patterns Web Azure
Brand New Posts on Geeks with Blogs 0