If the vulnerability were exploited to cause the malicious users code to run on the administrators machine, what could it do?
Netmon requires administrative privileges to run, so it would be certain that the code could gain these privileges. Thus, at a minimum, the code would gain local administrator privileges and would have complete control over the local machine. If the person running Netmon was a domain administrator, his code could gain complete control over the entire domain. However, security best practices recommend against ever using the domain Administrator account for anything other than domain management functions, and if this recommendation has been followed, an administrator would use Netmon in the local, rather than domain, administrative context.
Related Questions
- Would this vulnerability enable a malicious user to attack the administrator the moment he began monitoring the network?
- Doesn the vulnerability require the user to click on the file: URL or UNC string in the malicious web page?
- How fast would a malicious user need to send the packets in order to affect a machine?
