On 2022-05-10, Stefan Kanthak wrote: >| Their reasoning centers around the requirement to have admin >| privileges to pull off the attack. > > OUCH! Unprivileged users can but write this registry entry below > [HKEY_CURRENT_USER\Software\Microsoft\Command Processor]
They're explaining that you need privileges to attack *other* users. I don't think anyone is disputing you can "attack" yourself. I know, I know - we've had this discussion before, and nothing will convince you that this isn't a vulnerability :) Tavis. -- _o) $ lynx lock.cmpxchg8b.com /\\ _o) _o) $ finger tav...@sdf.org _\_V _( ) _( ) @taviso _______________________________________________ Sent through the Full Disclosure mailing list https://nmap.org/mailman/listinfo/fulldisclosure Web Archives & RSS: https://seclists.org/fulldisclosure/