Message-ID: <A54506325BF6C74ABFBB7434F71661CF04742593@dnzakex1.datacom.co.nz>
From: StuartF at datacom.co.nz (Stuart Fox (DSL AK))
Subject: MS Windows Screensaver Privilege Escalation
>
> On Windows XP all releases, when you replace, or change the
> screensaver displayed on the login screen with a specially
> crafted version designed to execute programs, those programs
> are launched under the SYSTEM SID, IE: they are given
> automatically the highest access level available to Windows.
> This level is not accessible even to administrators.
>
> This flaw is important because while one would need Power
> User privileges or above to change the Login Screensaver, by
> default, any user with the exception of guest can replace the
> login screensaver file with a modified version. In theory,
> any determined user could execute ANYTHING with SYSTEM
> privileges. A similar flaw exists in Win2K, but Microsoft
> has ignored it.
>
Interesting when read in the context of this:
http://support.microsoft.com/default.aspx?scid=kb;en-us;221991&sd=tech
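
A defender's check for the condition the quoted report describes (a logon screen saver file that accounts other than SYSTEM and Administrators can overwrite), as an added example that is not part of the original thread. It assumes the logon screen saver is named by the `SCRNSAVE.EXE` value under `HKEY_USERS\.DEFAULT\Control Panel\Desktop`, which the post itself does not state; the function names and the trusted-SID baseline are hypothetical.

```powershell
# Added example: list accounts that can overwrite the logon screen saver binary.
# Assumption (not from the post): the file is named by the SCRNSAVE.EXE value
# under HKEY_USERS\.DEFAULT\Control Panel\Desktop.
function Get-LogonScreenSaverPath {
    $key  = 'Registry::HKEY_USERS\.DEFAULT\Control Panel\Desktop'
    $name = (Get-ItemProperty -Path $key -ErrorAction Stop).'SCRNSAVE.EXE'
    if (-not $name) { return $null }            # no logon screen saver configured
    $name = [Environment]::ExpandEnvironmentVariables($name)
    if (-not [IO.Path]::IsPathRooted($name)) {
        # A bare file name is looked up in the system directory.
        $name = Join-Path (Join-Path $env:SystemRoot 'System32') $name
    }
    return $name
}

function Get-UnexpectedWriter {
    param(
        [Parameter(Mandatory = $true)][string]$Path,
        # Baseline of SIDs allowed to modify the file: SYSTEM and
        # BUILTIN\Administrators. Extend it to match your own build.
        [string[]]$TrustedSid = @('S-1-5-18', 'S-1-5-32-544')
    )
    # Rights that let a principal replace the file or rewrite its ACL,
    # plus the raw GENERIC_WRITE and GENERIC_ALL bits.
    $rights = [Security.AccessControl.FileSystemRights]'WriteData, AppendData, Delete, ChangePermissions, TakeOwnership'
    $mask   = [int]$rights -bor 0x40000000 -bor 0x10000000

    foreach ($ace in (Get-Acl -LiteralPath $Path).Access) {
        if ($ace.AccessControlType -ne 'Allow') { continue }
        if (([int]$ace.FileSystemRights -band $mask) -eq 0) { continue }
        try {
            $sid = $ace.IdentityReference.Translate(
                [Security.Principal.SecurityIdentifier]).Value
        } catch {
            $sid = $ace.IdentityReference.Value   # unresolvable account name
        }
        if ($TrustedSid -notcontains $sid) {
            New-Object PSObject -Property @{
                Path = $Path; Identity = $ace.IdentityReference.Value
                Sid  = $sid;  Rights   = $ace.FileSystemRights
            }
        }
    }
}

$scr = Get-LogonScreenSaverPath
if ($scr -and (Test-Path -LiteralPath $scr)) { Get-UnexpectedWriter -Path $scr }
```

Any row in the output is an account outside the baseline that holds write, delete or ACL-change rights on the file; an empty result means only the baseline SIDs can replace it.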