Re: How vulnerable is a 'Limited" account on XP?

From: xenophi1e (oliver.lavery_at_sympatico.ca)
Date: 07/10/03

Next message: Paul Vet: "RE: Generic way to exploit an insecure /tmp file creation - Red Hat 7,8,9 (Re: Red Hat 9: free tickets)"

Previous message: Stephen Samuel: "Re: Generic way to exploit an insecure /tmp file creation - Red Hat 7,8,9 (Re: Red Hat 9: free tickets)"
Maybe in reply to: Bernie Cosell: "How vulnerable is a 'Limited" account on XP?"
Next in thread: Brad Bemis: "RE: How vulnerable is a 'Limited" account on XP?"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Date: 10 Jul 2003 18:32:32 -0000
To: vuln-dev@securityfocus.com

('binary' encoding is not supported, stored as-is) In-Reply-To: <200307081708.h68H8MPo017830@mail.rev.net>

Please don't infect your system with viruses. That's not a good idea.

A limited account on XP is very much like a limited account on any other
OS. It is somewhat secure, but as soon as you have access to a machine
that machine has been opened up to local priviledge elevation
vulnerabilities.

If Windows doesn't contain any of these holes, then it seems to follow
that a limited account should be secure. However these vulnerabilities
are pretty common on other platforms and who knows, there might be a few
buried in windows somewhere.

Cheers,
~ol

>I've been wondering: are there exploits/vulnerabilities that can burrow
>into a system through a limited account on XP? I've tried playing
around
>a little bit [but I'm really not very much of an XP-hacker] and it sure
>seems hard to get a toehold on the system from my limited account. With
>the entire system drive essentially read-only, and with its not being
>able to mess with ADMIN or SYSTEM processes, I wonder just how
vulnerable
>XP is... [for example, I"ve been tempted (but too chicken) to try
>intentionally infecting myself with one or another of the email-borne
>viruses just to see how far they could penetrate into my system].
>
> /Bernie
>--
>Bernie Cosell Fantasy Farm Fibers
>mailto:bernie@fantasyfarm.com Pearisburg, VA
> --> Too many people, too few sheep <--
>
>
>
>

Next message: Paul Vet: "RE: Generic way to exploit an insecure /tmp file creation - Red Hat 7,8,9 (Re: Red Hat 9: free tickets)"

Previous message: Stephen Samuel: "Re: Generic way to exploit an insecure /tmp file creation - Red Hat 7,8,9 (Re: Red Hat 9: free tickets)"
Maybe in reply to: Bernie Cosell: "How vulnerable is a 'Limited" account on XP?"
Next in thread: Brad Bemis: "RE: How vulnerable is a 'Limited" account on XP?"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Relevant Pages

Re: Norton Internet Security 2005
... > How effective is Norton Internet Security 2005 on a limited ... > account?will it be able to protect me? ... to function as well from a limited account as it does from an admin one; ... Kazaa - Software update services for your Viruses and Spyware. ...
(microsoft.public.windowsxp.security_admin)
Norton Internet Security 2005
... How effective is Norton Internet Security 2005 on a limited account?will it ... be able to protect me? ... will it remove viruses on limited account? ...
(microsoft.public.windowsxp.security_admin)
Re: How vulnerable is a Limited" account on XP?
... >> seems hard to get a toehold on the system from my limited account. ... > exploit code targeted towards windows xp, it will only infect with the ... > but since I havn't used a windows machine since 2k first came out, ... > not a programmer, or at least not a exploit programmer, so if you are ...
(Vuln-Dev)