Full Disclosure mailing list archives
[SCSA-004] Vulnerability in Microsoft Windows XP
From: Grégory Le Bras | Security Corporation <gregory.lebras () security-corp org>
Date: Wed, 19 Feb 2003 21:33:59 +0100
.: Vulnerability in Microsoft Windows XP :. ________________________________________________________________________ Security Corporation Security Advisory [SCSA-004] ________________________________________________________________________ PROGRAM: Windows XP HOMEPAGE: http://www.microsoft.com VULNERABLE VERSIONS: Professionnel & Home ________________________________________________________________________ DESCRIPTION ________________________________________________________________________ Windows XP Microsoft is a operating system of the multinationnale Microsoft DETAILS ________________________________________________________________________ A vulnerability was found allowing an user of a restricted session to have access to private files belonging to any user of the machine, also the administrators. EXPLOIT ________________________________________________________________________ The exploit is very simple, it is enough to install a httpd Server such as ©Apache. Put them on the disc where Windows Microsoft is installed as resources of the server. Connect you to the following address: http://localhost/ The index of the disc thus appears to the screen. You can then cross the directory /documents and Setting/ and so to reach the private files. SOLUTIONS ________________________________________________________________________ Compress files mattering with a password. VENDOR STATUS ________________________________________________________________________ The vendor has reportedly been notified ------------------------------------------------------------ Tristan aka Timus | http://www.Security-Corp.org ------------------------------------------------------------ _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
Current thread:
- [SCSA-004] Vulnerability in Microsoft Windows XP Grégory Le Bras | Security Corporation (Feb 19)
- Re: [SCSA-004] Vulnerability in Microsoft Windows XP Knud Erik Højgaard (Feb 19)