mIRC bug?

["Shustrik" <root () shustrik com>]

Hello, BugTraq readers!

I have recently started using mIRC's DDE feature, which allows DDE messaging
between its instances and other software. At first I was quite pleased with
this feature until I thought about the security implications of it under a
multi-user system (such as Windows 2000 Professional that I am using). This
is what I did:

1) Launched one copy of mIRC with an enabled DDE Server under an
Administrative account.
2) Launched another one under a Guest account using the RunAs service.
3) Wrote /dde mIRC command "" /run c:\program files\internet
explorer\iexplore.exe in the second (Guest) client.
4) Internet Explrer was launched under the administrative account.

This enables different users sharing one machine to overtake each other's
accounts if mIRC is running with a DDE Server (this option is enabled by
default). I would be grateful if someone tested this with Windows 2000
Terminal Server or Windows XP with Switch User function enabled.

Shustrik.
mailto:root () shustrik com