Vulnerabilities

LogMeIn Driver Handle Duplication Vulnerability Leading to Privilege Escalation

The primitive in play here is a handle duplication attack. The LogMeIn device driver exposes an IOCTL that temporarily duplicates a handle specified by the caller (the attacker). Because users are also allowed to open the device with PROCESS_DUP_HANDLE, one can open the device, issue the IOCTL, and try to duplicate the newly created handle before it gets closed. The caller thereby continues to hold a reference to a privileged handle and can use it for an elevation of privilege.
