Full Disclosure mailing list archives
RE: MS Windows Screensaver Privilege Escalation
From: "Stuart Fox (DSL AK)" <StuartF () datacom co nz>
Date: Thu, 25 Nov 2004 17:13:28 +1300
On Windows XP all releases, when you replace or change the screensaver displayed on the login screen with a specially crafted version designed to execute programs, those programs are launched under the SYSTEM SID, i.e. they are given automatically the highest access level available to Windows. This level is not accessible even to administrators. This flaw is important because while one would need Power User privileges or above to change the Login Screensaver, by default, any user with the exception of guest can replace the login screensaver file with a modified version. In theory, any determined user could execute ANYTHING with SYSTEM privileges. A similar flaw exists in Win2K, but Microsoft has ignored it.
Interesting when read in the context of this: http://support.microsoft.com/default.aspx?scid=kb;en-us;221991&sd=tech

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
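
The quoted report depends on who holds write access to the logon screensaver file. As an added example (not part of the original post or of any Microsoft tooling), this PowerShell audit lists non-administrative principals that can modify or replace that file or its parent directory. It assumes the logon screensaver is read from the `SCRNSAVE.EXE` value under `HKEY_USERS\.DEFAULT\Control Panel\Desktop` and that the trusted SID list shown is the site's baseline, and it needs PowerShell 3.0 or later.

```powershell
# Added example: report who, besides trusted SIDs, can change the logon screensaver.
# Assumption: the logon desktop uses the SCRNSAVE.EXE value under HKU\.DEFAULT.
$key = 'Registry::HKEY_USERS\.DEFAULT\Control Panel\Desktop'
$scr = (Get-ItemProperty -Path $key -ErrorAction SilentlyContinue).'SCRNSAVE.EXE'
if (-not $scr) { Write-Output 'No logon screensaver configured.'; return }

# Resolve environment variables and bare file names (searched in System32).
$path = [Environment]::ExpandEnvironmentVariables($scr)
if (-not [IO.Path]::IsPathRooted($path)) {
    $path = Join-Path $env:SystemRoot (Join-Path 'System32' $path)
}

# Assumption: only these SIDs should hold write access; adjust to the site baseline.
$trusted = @(
    'S-1-5-18',      # LocalSystem
    'S-1-5-32-544',  # BUILTIN\Administrators
    'S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464'  # TrustedInstaller
)

# Rights that allow altering the file, or swapping it via the parent directory.
$R = [System.Security.AccessControl.FileSystemRights]
$writeMask = [int]($R::WriteData -bor $R::AppendData -bor $R::Delete -bor
    $R::DeleteSubdirectoriesAndFiles -bor $R::ChangePermissions -bor $R::TakeOwnership)
$inheritOnly = [int][System.Security.AccessControl.PropagationFlags]::InheritOnly
$sidType = [System.Security.Principal.SecurityIdentifier]

$findings = foreach ($target in @($path, (Split-Path -Parent $path))) {
    if (-not (Test-Path -LiteralPath $target)) { continue }
    $acl = Get-Acl -LiteralPath $target
    foreach ($ace in $acl.GetAccessRules($true, $true, $sidType)) {
        $applies = ([int]$ace.PropagationFlags -band $inheritOnly) -eq 0
        $canWrite = ([int]$ace.FileSystemRights -band $writeMask) -ne 0
        if ($ace.AccessControlType -eq 'Allow' -and $applies -and $canWrite -and
            ($trusted -notcontains $ace.IdentityReference.Value)) {
            [pscustomobject]@{
                Target = $target
                Sid    = $ace.IdentityReference.Value
                Rights = $ace.FileSystemRights
            }
        }
    }
}

if ($findings) { $findings | Format-Table -AutoSize }
else { Write-Output "No unexpected write access on $path or its directory." }
```

Any row it prints is a principal outside the baseline that could swap the binary the logon desktop runs; ACEs that grant access only through generic rights bits are not decoded by this mask and need a manual look.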