lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Message-ID: <67b2506041124093658dfc9e3@mail.gmail.com>
From: mattofak at gmail.com (Matthew Walker)
Subject: MS Windows Screensaver Privilege Escalation

To Whom it May Concern;
The Original Post is http://www.securityfocus.com/bid/11711

On Windows XP all releases, when you replace, or change the
screensaver displayed on the login screen with a specially crafted
version designed to execute programs, those programs are launched
under the SYSTEM SID, IE: they are given automatically the highest
access level avalible to Windows.  This level is not accessible even
to administrators.

This flaw is important because while one would need Power User
privledges or above to change the Login Screensaver, by default, any
user with the exception of guest can replace the login screensaver
file with a modified version.  In theory, any determined user could
execute ANYTHING with SYSTEM privledges.  A similar flaw exists in
Win2K, but Microsoft has ignored it.

Sincerly;
Matt Walker


Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ