Vulnerability Development mailing list archives
Re: lanma256.bmp/lanmannt.bmp security risk?
From: marc () MUCOM CO IL (Marc Esipovich)
Date: Wed, 24 Nov 1999 23:11:10 +0200
Having followed the thread on rtf exploits, I wondered if there might be any other service which could be vulnerable under NT.
Probably ;)
One thing that struck me, is the .bmp that is displayed when Windows NT 4 boots (the one which says "Windows NT Workstation/Server" and is displayed under the logon box). What would happen if it is malformed, and NT is unable to display it? Buffer overflow - with arbitrary code execution? BSOD?
Maybe, who knows, try it out, but I can assure you, it won't be as trivial as in rtf.
My knowledge of exploits stretches no further than this. However, I can just imagine the implications, should it be a security risk. I haven't seen any posts or found any other information regarding this - so maybe it's a non-issue. Or maybe not...
The point of my reply is this, any file/program/code/whatever a user can modify and a system service (or daemon, or any higher privilege program) might use, is a potential problem. At least, when running NT with NTFS, your FS permissions should be strict enough not to allow regular users access to files he/she doesn't really need access to (i.e., own).

Marc Esipovich.
--
root is only a few clicks away...
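Added example, not part of the original post: a small audit of the permission rule argued in the reply above, flagging ACL entries that let a non-privileged principal modify a file a privileged component reads. It parses `icacls`-style output from a current Windows system; the directory `C:\EXAMPLE`, the `LAB\...` accounts, the sample ACL and the trusted-principal list are constructed assumptions.

```python
import re

# Principals allowed to hold write access (assumption; adjust to site policy).
TRUSTED = {"NT AUTHORITY\\SYSTEM", "BUILTIN\\Administrators",
           "NT SERVICE\\TrustedInstaller"}
# icacls simple and specific rights that permit changing a file or its ACL.
WRITE_RIGHTS = {"F", "M", "W", "D", "DE", "WD", "AD", "WDAC", "WO", "GW", "GA"}
# One ACE per line: principal, colon, then one or more parenthesised groups.
ACE = re.compile(r"^(?P<who>.+?):(?P<groups>(?:\([^)]*\))+)$")

def risky_aces(path, icacls_text):
    """Return [(principal, rights)] for untrusted principals able to modify path."""
    findings = []
    for line in icacls_text.splitlines():
        line = line.strip()
        if line.startswith(path):          # first ACE shares a line with the path
            line = line[len(path):].strip()
        m = ACE.match(line)
        if not m:
            continue                       # blank line or icacls status line
        groups = re.findall(r"\(([^)]*)\)", m.group("groups"))
        if "DENY" in groups or "IO" in groups:
            continue                       # deny ACE, or inherit-only (not applied here)
        rights = {r for g in groups for r in g.split(",")} & WRITE_RIGHTS
        if rights and m.group("who") not in TRUSTED:
            findings.append((m.group("who"), sorted(rights)))
    return findings

# Constructed sample: placeholder directory, made-up accounts and ACL.
SAMPLE_PATH = r"C:\EXAMPLE\lanmannt.bmp"
SAMPLE = r"""C:\EXAMPLE\lanmannt.bmp NT AUTHORITY\SYSTEM:(F)
                        BUILTIN\Administrators:(F)
                        BUILTIN\Users:(RX)
                        Everyone:(I)(M)
                        LAB\guest:(DENY)(W)
                        LAB\operator:(R,WD)

Successfully processed 1 files; Failed processing 0 files"""

if __name__ == "__main__":
    for who, rights in risky_aces(SAMPLE_PATH, SAMPLE):
        print(f"{SAMPLE_PATH}: {who} can modify ({','.join(rights)})")
```
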