Microsoft Windows Modules Installer Service Information Disclosure

Posted by deepcore on February 18, 2020 – 6:28 am

The TrustedInstaller service running on the Microsoft Windows operating system hosts a COM service called Sxs Store Class; its ISxsStore interface provides methods to install/uninstall assembles via application manifests files into the WinSxS store. These API methods were meant to be available for users with administrative privileges only, but the logic was unintentionally exposed to anyone on the system due to improper implementation of the authorization logic.

This post is under “exploit” and has no respond so far.
If you enjoy this article, make sure you subscribe to my RSS Feed.

Post a reply

You must be logged in to post a comment.

« [webapps] WordPress Plugin WP Sitemap Page 1.6.2 – Persistent Cross-Site Scripting WordPress Fruitful 3.8 Cross Site Scripting »

:: Deepquest ::

This site contains information which could be considered illegal in some countries. It is provided here for educational use only and is not intended to be used for illegal activities.

Microsoft Windows Modules Installer Service Information Disclosure

Post a reply

Tabs Switcher

Categories

Archives

Meta

BLOGROLL