Bugtraq mailing list archives

Exploit: Windows95/98/ (NT?) Autorun

From: poptix () INGS COM (Matt Hallacy)
Date: Fri, 22 May 1998 14:08:27 -0500


Sorry if this has been brought up before, I searched the archives and
didnt find anything.

Problem: Autorun runs even when passworded screensaver is active.

Scenario: Burn a CD-ROM with whatever program you want to run on the
passworded machine, put it in autorun.inf, and just put it in the machine,
this can be used to run and do just about anything, one more reason not to
rely on microsoft for your security :)

I dont suppose this is actually an exploit, but it's exploitable on 80% of
the machines running Windows since not a whole lot of people turn autorun
off, a few friends had a great time going to wal-mart, popping the CD in,
removing the screen savers and a password utility they had on there, then
having full access, this could easily be used to walk over to a machine,
pop a disk in drive A, have it autorun a batch file on the CD to copy
say, Turbo Tax documents, Quicken, (you get the idea :)


                                Matt Hallacy, poptix@Efnet

Current thread:

Re: [MORE] Lynx's 2.x buffers overflows Bela Lubkin (May 06)
- check-ps 1.2 pre-release Duncan Simpson (May 06)
- Re: [MORE] Lynx's 2.x buffers overflows Theo de Raadt (May 06)
- admintool mode 0777 in Solaris 2.6 HW3/98 Paul B. Henson (May 07)
- nestea2 and HP Jet Direct cards. Damon Petta (May 07)
  - Re: nestea2 and HP Jet Direct cards. MrMurphy (May 08)
  - Re: nestea2 and HP Jet Direct cards. Ben Woodard (May 20)
    - Re: nestea2 and HP Jet Direct cards. (Lexmark patches) Ben Woodard (May 22)
    - Exploit: Windows95/98/ (NT?) Autorun Matt Hallacy (May 22)
- ircnn-1.3devel problems Warren Rees (May 08)