Vulnerability Development mailing list archives

Re: lanma256.bmp/lanmannt.bmp security risk?


From: marc () MUCOM CO IL (Marc Esipovich)
Date: Wed, 24 Nov 1999 23:11:10 +0200


> Having followed the thread on rtf exploits, I wondered if there might be any other service which could be vulnerable
> under NT.
Probably ;)


> One thing that struck me is the .bmp that is displayed when Windows NT 4 boots (the one which says "Windows NT
> Workstation/Server" and is displayed under the logon box). What would happen if it is malformed, and NT is unable to
> display it? Buffer overflow - with arbitrary code execution? BSOD?
Maybe, who knows, try it out, but I can assure you, it won't be as
trivial as in rtf.


> My knowledge of exploits stretches no further than this. However, I can just imagine the implications, should it be a
> security risk. I haven't seen any posts or found any other information regarding this - so maybe it's a non-issue. Or
> maybe not...
The point of my reply is this: any file/program/code/whatever a user can
modify and a system service (or daemon, or any higher privilege program)
might use is a potential problem.

At least, when running NT with NTFS, your FS permissions should be strict
enough not to allow regular users access to files he/she doesn't really
need access to (i.e., own).

        Marc Esipovich.

--
root is only a few clicks away...
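As an added example (not code from the thread or its authors), here is the defender's check behind the reply's point: flag a file that a privileged component consumes when a low-privilege principal can write to it. The ACE tuples and both DACLs are constructed; the rights abbreviations follow icacls output, which is an assumption about the input shape.

```python
"""Flag files consumed by a privileged component that low-privilege principals
can modify. Constructed example: ACEs are (principal, rights) tuples shaped like
icacls output; nothing here is read from a live system."""

# Identities that every regular interactive user holds on an NT-family system.
LOW_PRIV_PRINCIPALS = {
    "everyone",
    "builtin\\users",
    "nt authority\\authenticated users",
    "nt authority\\interactive",
}

# icacls simple and specific rights that allow changing file content or its DACL
# (assumption: icacls abbreviations; F=full, M=modify, W=write, GW=generic write,
# WD=write data, AD=append, WA/WEA=write attributes, DC/D=delete, WDAC/WO=change DACL/owner).
WRITE_LIKE = {"F", "M", "W", "GW", "WD", "AD", "WA", "WEA", "DC", "D", "WDAC", "WO"}


def ace_rights(rights):
    """Split an icacls-style rights string such as '(OI)(CI)(RX)' into tokens."""
    return rights.replace("(", " ").replace(")", " ").split()


def writable_by_low_priv(aces):
    """Return (principal, right) pairs that let a low-privilege identity modify
    the file. aces is an iterable of (principal, rights_string)."""
    findings = []
    for principal, rights in aces:
        toks = ace_rights(rights)
        if "DENY" in toks:  # a deny ACE never grants anything
            continue
        if principal.lower() not in LOW_PRIV_PRINCIPALS:
            continue
        findings.extend((principal, tok) for tok in toks if tok in WRITE_LIKE)
    return findings


# Constructed DACLs for a boot-time bitmap like the one the thread asks about.
WEAK_ACL = [
    ("BUILTIN\\Administrators", "(F)"),
    ("NT AUTHORITY\\SYSTEM", "(F)"),
    ("Everyone", "(M)"),  # any user can replace the file the logon screen loads
]
HARDENED_ACL = [
    ("BUILTIN\\Administrators", "(F)"),
    ("NT AUTHORITY\\SYSTEM", "(F)"),
    ("BUILTIN\\Users", "(RX)"),  # read-only for regular users
]

if __name__ == "__main__":
    for name, acl in (("weak", WEAK_ACL), ("hardened", HARDENED_ACL)):
        print(name, writable_by_low_priv(acl))
```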


