| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <41A779DD.5000008@sleepdeprived.ca> From: support at sleepdeprived.ca (David Vincent) Subject: MS Windows Screensaver Privilege Escalation >>>MW> To Whom it May Concern; >>>MW> The Original Post is http://www.securityfocus.com/bid/11711 >>> >>>MW> On Windows XP all releases, when you replace, or change the >>>MW> screensaver displayed on the login screen with a specially crafted >>>MW> version designed to execute programs, those programs are launched >>>MW> under the SYSTEM SID, IE: they are given automatically the highest >>>MW> access level avalible to Windows. This level is not accessible even >>>MW> to administrators. >>> >>>MW> This flaw is important because while one would need Power User >>>MW> privledges or above to change the Login Screensaver, by default, any >>>MW> user with the exception of guest can replace the login screensaver >>>MW> file with a modified version. In theory, any determined user could >>>MW> execute ANYTHING with SYSTEM privledges. A similar flaw exists in >>>MW> Win2K, but Microsoft has ignored it. >>> >>>MW> Sincerly; >>>MW> Matt Walker >>> i've used the technique on this page to rescue a windows 2000 domain controller's admin account since the pnordhal diskette won't help: http://www.jms1.net/nt-unlock.html similar instructions for windows 2003 are here: http://www.nobodix.org/seb/win2003_adminpass.html -d
Powered by blists - more mailing lists