Full title: Microsoft Error Reporting Local Privilege Elevation Exploit 
Category: local exploits
Platform: windows
This Metasploit module takes advantage of a bug in the way Windows error reporting opens the report parser. If you open a report, Windows uses a relative path to locate the rendering program. By creating a specific alternate directory structure, we can coerce Windows into opening an arbitrary executable as SYSTEM. If the current user is a local admin, the system will attempt impersonation and the exploit will fail.

# 0day.today @ http://0day.today/