[Full-Disclosure] [SCSA-004] Vulnerability in Microsoft Windows XP
From: Grégory Le Bras | Security Corporation (gregory.lebras@security-corp.org)
Date: 02/19/03
- Previous message: Mark J Cox: "[Full-Disclosure] [ANNOUNCE] OpenSSL 0.9.7a and 0.9.6i released"
- Next in thread: Knud Erik Højgaard: "Re: [Full-Disclosure] [SCSA-004] Vulnerability in Microsoft Windows XP"
- Reply: Knud Erik Højgaard: "Re: [Full-Disclosure] [SCSA-004] Vulnerability in Microsoft Windows XP"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
From: Grégory Le Bras | Security Corporation <gregory.lebras@security-corp.org> To: <full-disclosure@lists.netsys.com> Date: Wed, 19 Feb 2003 21:33:59 +0100
.: Vulnerability in Microsoft Windows XP :.
________________________________________________________________________
Security Corporation Security Advisory [SCSA-004]
________________________________________________________________________
PROGRAM: Windows XP
HOMEPAGE: http://www.microsoft.com
VULNERABLE VERSIONS: Professionnel & Home
________________________________________________________________________
DESCRIPTION
________________________________________________________________________
Windows XP Microsoft is a operating system of the multinationnale
Microsoft
DETAILS
________________________________________________________________________
A vulnerability was found allowing an user of a restricted session to
have access to private files belonging to any user of the machine,
also the administrators.
EXPLOIT
________________________________________________________________________
The exploit is very simple, it is enough to install a httpd Server such
as ©Apache. Put them on the disc where Windows Microsoft is installed
as resources of the server. Connect you to the following address:
http://localhost/
The index of the disc thus appears to the screen.
You can then cross the directory /documents and Setting/ and so to reach
the private files.
SOLUTIONS
________________________________________________________________________
Compress files mattering with a password.
VENDOR STATUS
________________________________________________________________________
The vendor has reportedly been notified
------------------------------------------------------------
Tristan aka Timus | http://www.Security-Corp.org
------------------------------------------------------------
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
- Next message: Georgi Guninski: "Re: [Full-Disclosure] Hackers View Visa/MasterCard Accounts"
- Previous message: Mark J Cox: "[Full-Disclosure] [ANNOUNCE] OpenSSL 0.9.7a and 0.9.6i released"
- Next in thread: Knud Erik Højgaard: "Re: [Full-Disclosure] [SCSA-004] Vulnerability in Microsoft Windows XP"
- Reply: Knud Erik Højgaard: "Re: [Full-Disclosure] [SCSA-004] Vulnerability in Microsoft Windows XP"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
