An attacker gains control of a process that is assigned elevated
privileges in order to execute arbitrary code with those privileges. Some
processes are assigned elevated privileges on an operating system, usually
through association with a particular user, group, or role. If an attacker
can hijack such a process, they can assume its level of privilege
in order to execute their own code. Processes can be hijacked through
improper handling of user input (for example, a buffer overflow or certain
types of injection attacks) or by using inadequately secured system
utilities that support process control.
Attack Prerequisites
The targeted process or operating system must contain a bug that allows
attackers to hijack the targeted process.
VMware Workstation 6.0.x before 6.0.3 and 5.5.x before 5.5.6, VMware
Player 2.0.x before 2.0.3 and 1.0.x before 1.0.6, VMware ACE 2.0.x
before 2.0.1 and 1.0.x before 1.0.5, and VMware Server 1.0.x before
1.0.5 on Windows allow local users to gain privileges via an unspecified
manipulation of a config.ini file located in an Application Data folder,
which can be used for "hijacking the VMX process."
CVE-2007-6705
The WebSphere MQ XA 5.3 before FP13 and 6.0.x before 6.0.2.1 client
for Windows, when running in an MTS or a COM+ environment, grants the
PROCESS_DUP_HANDLE privilege to the Everyone group upon connection to a
queue manager, which allows local users to duplicate an arbitrary handle
and possibly hijack an arbitrary process.
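
A defensive check for the WebSphere MQ case above, added here as an example and not part of the original entry: it parses the SDDL form of a process security descriptor and reports allow ACEs that give PROCESS_DUP_HANDLE to Everyone, and goes beyond the text by also flagging other broad groups. The function names and sample SDDL strings are constructed for illustration, and only GENERIC_ALL is expanded among the generic rights.

```python
import re

PROCESS_DUP_HANDLE = 0x0040   # Win32 process access right named in the entry
GENERIC_ALL = 0x10000000      # maps to PROCESS_ALL_ACCESS, which includes it

# SDDL two-letter rights codes and the access-mask bits they set.
SDDL_RIGHTS = {
    "GA": 0x10000000, "GX": 0x20000000, "GW": 0x40000000, "GR": 0x80000000,
    "SD": 0x010000, "RC": 0x020000, "WD": 0x040000, "WO": 0x080000,
    "CC": 0x001, "DC": 0x002, "LC": 0x004, "SW": 0x008, "RP": 0x010,
    "WP": 0x020, "DT": 0x040, "LO": 0x080, "CR": 0x100,
}
# Broad principals worth flagging: SDDL alias or raw SID -> display name.
BROAD = {"WD": "Everyone", "S-1-1-0": "Everyone", "AN": "Anonymous",
         "AU": "Authenticated Users", "BU": "Users", "IU": "Interactive",
         "BG": "Guests"}

def parse_mask(rights):
    """Convert an SDDL rights field (hex number or letter codes) to an int."""
    if rights[:2].lower() == "0x":
        return int(rights, 16)
    if len(rights) % 2:
        raise ValueError(f"malformed rights field: {rights!r}")
    mask = 0
    for i in range(0, len(rights), 2):
        mask |= SDDL_RIGHTS[rights[i:i + 2]]  # KeyError on an unknown code
    return mask

def risky_dup_handle_aces(sddl):
    """Return (principal, mask) for allow ACEs in the DACL that give
    PROCESS_DUP_HANDLE, directly or via GENERIC_ALL, to a broad group."""
    dacl = re.search(r"D:[^()]*((?:\([^)]*\))*)", sddl)  # skips owner, group, SACL
    findings = []
    for ace in re.findall(r"\(([^)]*)\)", dacl.group(1) if dacl else ""):
        fields = ace.split(";")
        if len(fields) < 6 or fields[0] != "A" or fields[5] not in BROAD:
            continue  # only plain access-allowed ACEs for broad principals
        mask = parse_mask(fields[2])
        if mask & (PROCESS_DUP_HANDLE | GENERIC_ALL):
            findings.append((BROAD[fields[5]], mask))
    return findings

# Constructed process security descriptors (not taken from a real system).
WEAK = "O:BAG:SYD:(A;;0x1fffff;;;SY)(A;;0x1fffff;;;BA)(A;;0x0040;;;WD)"
HARDENED = "O:BAG:SYD:(A;;0x1fffff;;;SY)(A;;0x1fffff;;;BA)(A;;0x1000;;;WD)"

if __name__ == "__main__":
    for name, sddl in (("weak", WEAK), ("hardened", HARDENED)):
        print(name, [(who, hex(m)) for who, m in risky_dup_handle_aces(sddl)])
```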