Full Disclosure mailing list archives

Previous By Date Next
Previous By Thread Next

Re: [SCSA-004] Vulnerability in Microsoft Windows XP

From: Knud Erik Højgaard <kain () ircop dk>
Date: Wed, 20 Feb 2002 01:01:32 +0100
Grégory Le Bras | Security Corporation wrote:

.: Vulnerability in Microsoft Windows XP :.

..

Security Corporation Security Advisory [SCSA-004]

[snip]


A vulnerability was found allowing an user of a restricted session to
have access to private files belonging to any user of the machine,
also the administrators.


EXPLOIT
________________________________________________________________________

The exploit is very simple, it is enough to install a httpd Server
such as ©Apache. Put them on the disc where Windows Microsoft is
installed as resources of the server. Connect you to the following
address: http://localhost/
The index of the disc thus appears to the screen.
You can then cross the directory /documents and Setting/ and so to
reach the private files.


How do you define a 'restricted session'? Would a user in a restricted
environment set up by you be able to install apache, but not be able to
browse the files of other users?

Has the apache by any chance been installed as a service running with SYSTEM
privileges?

--
Knud

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
Previous By Date Next
Previous By Thread Next

Current thread: