| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <009c01c2d856$3bab8a00$0300a8c0@goliath> From: gregory.lebras at security-corp.org (Grégory Le Bras | Security Corporation) Subject: [SCSA-004] Vulnerability in Microsoft Windows XP .: Vulnerability in Microsoft Windows XP :. ________________________________________________________________________ Security Corporation Security Advisory [SCSA-004] ________________________________________________________________________ PROGRAM: Windows XP HOMEPAGE: http://www.microsoft.com VULNERABLE VERSIONS: Professionnel & Home ________________________________________________________________________ DESCRIPTION ________________________________________________________________________ Windows XP Microsoft is a operating system of the multinationnale Microsoft DETAILS ________________________________________________________________________ A vulnerability was found allowing an user of a restricted session to have access to private files belonging to any user of the machine, also the administrators. EXPLOIT ________________________________________________________________________ The exploit is very simple, it is enough to install a httpd Server such as ?Apache. Put them on the disc where Windows Microsoft is installed as resources of the server. Connect you to the following address: http://localhost/ The index of the disc thus appears to the screen. You can then cross the directory /documents and Setting/ and so to reach the private files. SOLUTIONS ________________________________________________________________________ Compress files mattering with a password. VENDOR STATUS ________________________________________________________________________ The vendor has reportedly been notified ------------------------------------------------------------ Tristan aka Timus | http://www.Security-Corp.org ------------------------------------------------------------
Powered by blists - more mailing lists