Posted by Kacper Szurek on Dec 01

# Exploit Title: WinPower V4.9.0.4 Privilege Escalation
# Date: 29-11-2016
# Software Link: http://www.ups-software-download.com/
# Exploit Author: Kacper Szurek
# Contact: http://twitter.com/KacperSzurek
# Website: http://security.szurek.pl/
# Category: local

1. Description

UPSmonitor runs as SYSTEM process.

We can communicate with monitor using RMI interface.

In manager app there’s an “Administrator” password check, but the password…