[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Message-ID: <67b2506041124093658dfc9e3@mail.gmail.com>
From: mattofak at gmail.com (Matthew Walker)
Subject: MS Windows Screensaver Privilege Escalation
To Whom it May Concern;
The Original Post is http://www.securityfocus.com/bid/11711
On Windows XP all releases, when you replace, or change the
screensaver displayed on the login screen with a specially crafted
version designed to execute programs, those programs are launched
under the SYSTEM SID, IE: they are given automatically the highest
access level avalible to Windows. This level is not accessible even
to administrators.
This flaw is important because while one would need Power User
privledges or above to change the Login Screensaver, by default, any
user with the exception of guest can replace the login screensaver
file with a modified version. In theory, any determined user could
execute ANYTHING with SYSTEM privledges. A similar flaw exists in
Win2K, but Microsoft has ignored it.
Sincerly;
Matt Walker
Powered by blists - more mailing lists