Full title: WSearch service (windows) - persistence backdooring + privilege escalation Exploit 
Category: local exploits
Platform: windows
Vendor: Microsoft WSearch (windows indexing) service [SearchIndexer.exe]
Vulnerability Type: Persistence backdooring + Privilege Escalation
Versions Affected: Windows XP, VISTA, 7, 8, 9, 10
Severity: critical

Description:
The WSearch service uses one executable.exe set in binary_path_name and runs it has
local/system at startup, this enables local privilege_escalation/persistence_backdooring.
To exploit this vulnerability a local attacker needs to replace the executable into the binary_path_name
of the service. 'Rebooting the system or restarting the service will run the malicious executable with
elevated privileges.


Credits:
vuln/module author: r00t-3xp10it
help debugging: milton@barra
module article: Chaitanya Haritash

# 0day.today @ http://0day.today/