Microsoft Windows Phone本地权限提升漏洞
发布日期:2014-11-18
更新日期:2014-11-20
受影响系统:Microsoft Windows Phone
描述:
BUGTRAQ ID:
71152
Microsoft Windows Phone是微软发布的一款手机操作系统,它将微软旗下的Xbox Live游戏、Xbox Music音乐与独特的视频体验集成至手机中。
Microsoft Windows Phone在实现上存在本地权限提升漏洞,本地攻击者可利用此漏洞以受影响设备上以提升的权限执行任意代码。
<*来源:DJAmol
链接:forum.xda-developers.com/windows-phone-8/development/xap-source-registry-tool-little-t2933964
*>
测试方法:
警 告
以下程序(方法)可能带有攻击性,仅供安全研究与教学之用。使用者风险自负!
DJAmol ()提供了如下测试方法:
1. Develop your own application package and deploy it on the target device.
2. Install an any application such as “Glance Background Beta” from the Window Phone app Store.
3. Delete all folders under the targeted directory of the installed app, in this case, Glance background.
4. Now copy the contents of your own deployed package and paste it on the targeted directory. This implies replacing the “Program Files” of the installed app with your package files.
5. Finally launch the App which will run in OEM (Glance Background beta) directory using the privileges of the targeted App.
建议:
厂商补丁:
Microsoft
---------
目前厂商还没有提供补丁或者升级程序,我们建议使用此软件的用户随时关注厂商的主页以获取最新版本:
http://technet.microsoft.com/security/bulletin/浏览次数:1959
严重程度:0(网友投票)
