> An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
I don't quite understand this. From the article it looks like the trojan escapes the Word document to execution realm through your typical vulnerability. Fair enough. But so far it looks like it only has rights corresponding to the user.
So as far as I understand it, this needs a privilege escalation vulnerability to 'take complete control' and 'create new accounts'.
It seems to copy itself to /Library/launched though, which here is
drwr-xr-x+ 65 root wheel 2210 Feb 2 14:45 /Library
So it looks like it's going root at some point, but it's not described in the document. But since it has root, why would 'Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights'?
You are most likely running 10.7 and it was installed clean. Previous versions of Mac OS X made that directory group-writeable by default (and 10.7 upgraded from a previous system will keep the old permissions).
Here's the line for 10.6:
drwxrwxr-t+ 61 root admin 2074 3 Nov 18:12 /Library
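The two `ls -ld` listings above, read programmatically. This is an example added here, not part of the thread: it checks from the mode bits alone whether an account can create entries in /Library without being root. The function names and the accounts `alice` and `bob` are hypothetical, and the 10.7 line is written as `drwxr-xr-x+` on the assumption that the posted mode string lost a character.

```python
import re

# Mode column of `ls -ld`: file type, three rwx triplets, optional ACL/xattr marker.
MODE_RE = re.compile(
    r"^([dl-])([r-][w-][xsS-])([r-][w-][xsS-])([r-][w-][xtT-])([+@]?)$")

# Listing from the reply (10.6) and a normalised form of the posted 10.7 line.
LIBRARY_10_6 = "drwxrwxr-t+ 61 root admin 2074 3 Nov 18:12 /Library"
LIBRARY_10_7 = "drwxr-xr-x+ 65 root wheel 2210 Feb 2 14:45 /Library"  # assumed


def parse_ls_line(line):
    """Split one `ls -ld` line into owner, group and permission triplets."""
    fields = line.split()
    if len(fields) < 4:
        raise ValueError("not an ls -l line: %r" % line)
    m = MODE_RE.match(fields[0])
    if not m:
        raise ValueError("malformed mode string: %r" % fields[0])
    _ftype, user, group, other, marker = m.groups()
    return {
        "owner": fields[2], "group": fields[3],
        "user": user, "grp": group, "other": other,
        "sticky": other[2] in "tT",   # only owners may delete/rename entries
        "has_acl": marker == "+",     # ACL entries can grant or deny more
        "path": fields[-1],
    }


def can_create(entry, user, groups):
    """True if the mode bits let `user` add entries (needs write and search)."""
    if user == "root":
        return True
    if user == entry["owner"]:
        bits = entry["user"]
    elif entry["group"] in groups:
        bits = entry["grp"]
    else:
        bits = entry["other"]
    return bits[1] == "w" and bits[2] in "xst"


if __name__ == "__main__":
    for label, line in (("10.6", LIBRARY_10_6), ("10.7", LIBRARY_10_7)):
        e = parse_ls_line(line)
        # alice is a hypothetical admin-group account, bob a standard one.
        print(label, "admin:", can_create(e, "alice", {"staff", "admin"}),
              "standard:", can_create(e, "bob", {"staff"}),
              "sticky:", e["sticky"], "acl:", e["has_acl"])
```

Both listings carry the `+` marker, so ACL entries may change the effective result; `ls -led /Library` on the machine shows them.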