Reply to post:

Windows Atom Tables popped by security researchers

patrickstar

After actually reading http://breakingmalware.com/injection-techniques/atombombing-brand-new-code-injection-for-windows/ , this isn't a vulnerability per se and doesn't really allow privilege escalation*.

It's a way to inject code into processes (a la WriteProcessMemory/CreateRemoteThread/etc) without getting detected by anti-malware software.

It does however remind me of a classic NT 4 kernel vulnerability in the NtAddAtom function!

http://insecure.org/sploits/NT.get-admin.kernal.hole.html

* Well, indirectly you could use it to gain more privileges or access to more hosts, as you can use it to hijack a remote desktop session or log terminal sessions, for example. But that's when you have code running as the same user as that process already.

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Biting the hand that feeds IT © 1998–2021