[Blog] Local Privilege Escalation in EA's Origin Clienthttps://enigma0x3.net/2019/12/10/cve-2019-19248-local-privilege-escalation-in-eas-origin-client/ …
The LocalService account description was written on 05/30/2018. I would expect it to be accurate.pic.twitter.com/Qq5MDhxtWN
-
-
Regardless what I think they mean here with privileges is the process' token privileges. I agree that the text is inaccurate with regards to the token integrity level
-
Yeah, I guess I shouldn't equate System integrity with System privileges. The original blog stated "restarting the “Origin Web Helper Service” service will cause it to try and set the DACL" But it's the Origin Client Service (runs as LocalSystem) that actually does the DACL stomppic.twitter.com/yLo9cHq6NK
- 2 more replies
New conversation -
Loading seems to be taking a while.
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.