![]() ![]() Once again, these are stored in the Windows registry. Interfaces are typically defined via the Microsoft Interface Definition Language (MIDL) and are identified via a GUID known as an IID. Every COM object supports the IUnknown interface, and this interface is used to provide reference counting and casting to other supported interfaces via the AddRef, Releaseand QueryInterface methods. The interface marks a clear boundary between code that calls a method and the code that implements the method. Essentially, an interface defines a set of methods that an object supports, without dictating anything about the implementation. A CLSID entry contains the information used by the COM subsystem when an instance of the object is created.ĬOM hides the implementation details of objects by exposing one or more interfaces. It really is everywhere!ĬOM objects are identified via a Globally Unique Identifier (GUID) known as a CLSID, stored in the Windows registry (many COM objects are also named in the registry, but the name just links to the corresponding CLSID). ![]() Well known usages of COM include ActiveX and OLE (for example, embedding an Excel spreadsheet in a Word document), however COM is used internally across the entire Windows ecosystem by both Microsoft and many third party applications. ![]() Broadly speaking, this means COM is an architecture that allows developers to use certain software components in a language agnostic manner. Feel free to skip this section if you are comfortable with the basic concepts of COM on Windows.Ĭomponent Object Model (COM) is a binary-interface standard for software components introduced by Microsoft in 1993. We will begin with some background material that should help frame the first vulnerability that we will discuss. When combined, these vulnerabilities allow an unprivileged local user to execute arbitrary commands as the SYSTEM user on a default installation of Windows 10. The second vulnerability (CVE-2019-1322) is a simple service misconfiguration that allows any user in the local SERVICE group to reconfigure a service that executes as SYSTEM (this vulnerability was independently also discovered by other researchers). ![]() The first of these vulnerabilities (CVE-2019-1405) is a logic error in a COM service and allows local unprivileged users to execute arbitrary commands as a LOCAL SERVICE user. This blog post discusses two vulnerabilities discovered by NCC Group consultants during research undertaken on privilege elevation via COM local services. ![]()
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |