Vulnerability Development mailing list archives
office 2k security bug?
From: torgeir () OHD NO (Torgeir Hansen)
Date: Tue, 22 Feb 2000 12:37:59 +0100
for a while ago, i attended a pre-course to installation, etc. of office2k (before the final release of office - so i don't know if this is for real) there they showed us the "wonders" of the installation wizard (or what it was called again..) that's installed as a service under WindowsNT with admin right's. And since they wanted it to work with install on first use as normal users, it was just a setup app calling on installation wizard which had rights to install, etc.. But as far as i understood, you can even do register changes with that setup - just make you'r own setup.ini (inf?) file .. In short terms: a normal user can gain system access under NT by the mean's of the "installation wizard" by reading/writing to the registry.. has anyone tried anything like this? I don't have access to any NT machines that i can use for such a test at the moment, so i cannot test it myself.. .would be great if someone could tell me if this is right or wrong. (imagine the use of it with a lazy sys-admin with the same adm pwd on all NT workstation's - full access to all workstations (and potensially servers) in a NT network might be.. interesting if you are a person with less glorious intentions.. ) - Torgeir Hansen
Current thread:
- Information on Raptor Martin M Samson (Feb 20)
- Re: Information on Raptor Yiorgos Adamopoulos (Feb 21)
- (Fwd) Re: vulnerability database Felix Harris (Feb 21)
- Re: Information on Raptor Malikai (Feb 21)
- Re: Information on Raptor James Crooks (Feb 22)
- Re: Information on Raptor Malikai (Feb 23)
- Consulting lameness, RE: Information on Raptor Ben Grubin (Feb 23)
- Single SignOn Vanna P. Rella (Feb 23)
- Re: Single SignOn Simple Nomad (Feb 24)
- Re: Information on Raptor James Crooks (Feb 22)
- office 2k security bug? Torgeir Hansen (Feb 22)
- R: office 2k security bug? Raistlin (Feb 23)
- Fwd: ANNOUNCEMENT: Lighting Firewall for Linux released Grzegorz Stelmaszek (Feb 23)
- Re: Information on Raptor James Crooks (Feb 21)
- Re: Information on Raptor David J Laumann (Feb 21)
- <Possible follow-ups>
- Re: Information on Raptor Marcelo Amaral - ALTAVISTA.NET (Feb 21)
- Re: Information on Raptor CL: Nelson, Jeff (Feb 24)
- Re: Information on Raptor IC&S - Eelco van Beek (Feb 25)
- Re: Information on Raptor Daniel Liebster (Feb 25)
- Re: Information on Raptor Ben Grubin (Feb 24)
- Dedicated vs "shared use" firewalls Forrest W. Christian (Feb 24)