Mailing List Archive

[SCSA-004] Vulnerability in Microsoft Windows XP
.: Vulnerability in Microsoft Windows XP :.

________________________________________________________________________

Security Corporation Security Advisory [SCSA-004]
________________________________________________________________________

PROGRAM: Windows XP
HOMEPAGE: http://www.microsoft.com
VULNERABLE VERSIONS: Professional & Home
________________________________________________________________________



DESCRIPTION
________________________________________________________________________

Microsoft Windows XP is an operating system from the multinational
Microsoft.


DETAILS
________________________________________________________________________

A vulnerability was found allowing a user of a restricted session to
have access to private files belonging to any user of the machine,
including the administrators.


EXPLOIT
________________________________________________________________________

The exploit is very simple: it is enough to install an httpd server such
as ©Apache. Put them on the disc where Microsoft Windows is installed
as resources of the server. Connect to the following address:
http://localhost/
The index of the disc thus appears on the screen.
You can then traverse the directory /documents and Setting/ and so reach
the private files.

SOLUTIONS
________________________________________________________________________

Compress important files with a password.


VENDOR STATUS
________________________________________________________________________

The vendor has reportedly been notified.


------------------------------------------------------------
Tristan aka Timus | http://www.Security-Corp.org
------------------------------------------------------------
Re: [SCSA-004] Vulnerability in Microsoft Windows XP
Grégory Le Bras | Security Corporation wrote:
> .: Vulnerability in Microsoft Windows XP :.
..
> Security Corporation Security Advisory [SCSA-004]
[snip]
>
> A vulnerability was found allowing a user of a restricted session to
> have access to private files belonging to any user of the machine,
> including the administrators.
>
>
> EXPLOIT
> ________________________________________________________________________
>
> The exploit is very simple: it is enough to install an httpd server
> such as ©Apache. Put them on the disc where Microsoft Windows is
> installed as resources of the server. Connect to the following
> address: http://localhost/
> The index of the disc thus appears on the screen.
> You can then traverse the directory /documents and Setting/ and so
> reach the private files.

How do you define a 'restricted session'? Would a user in a restricted
environment set up by you be able to install Apache, but not be able to
browse the files of other users?

Has the Apache by any chance been installed as a service running with SYSTEM
privileges?

--
Knud
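
The check the reply's questions point to, as an added example that is not part of the original thread: it reports the account each Apache service runs as and whether its DocumentRoot is the root of a drive. It assumes Windows PowerShell 3.0 or later, a service binary named httpd.exe or apache.exe, and httpd.conf in the conf\ directory beside bin\; the function name is hypothetical.

```powershell
# Added example (not from the thread). For each Apache httpd service, report
# the account it runs as and whether its DocumentRoot is the root of a drive.
# Assumptions: Windows PowerShell 3.0+, service binary named httpd.exe or
# apache.exe, httpd.conf located in conf\ beside the bin\ directory.
# Only the main httpd.conf is read; included files and virtual hosts are not.
function Get-ApacheServiceExposure {
    Get-CimInstance -ClassName Win32_Service |
        Where-Object { $_.PathName -match '\\(httpd|apache)\.exe' } |
        ForEach-Object {
            # PathName may be quoted and may carry arguments; keep the exe path.
            $null = $_.PathName -match '^\s*"?(.+?\.exe)'
            $exe  = $Matches[1]

            # <install dir>\bin\httpd.exe -> <install dir>\conf\httpd.conf
            $installDir = Split-Path (Split-Path $exe -Parent) -Parent
            $conf       = Join-Path $installDir 'conf\httpd.conf'

            $docRoot = $null
            if (Test-Path -LiteralPath $conf) {
                # First uncommented DocumentRoot directive, quotes optional.
                $hit = Select-String -LiteralPath $conf `
                           -Pattern '^\s*DocumentRoot\s+"?([^"]+?)"?\s*$' |
                       Select-Object -First 1
                if ($hit) { $docRoot = $hit.Matches[0].Groups[1].Value }
            }

            [pscustomobject]@{
                Service      = $_.Name
                RunsAs       = $_.StartName
                # A service under SYSTEM reads files regardless of which
                # restricted user is sitting at the browser.
                RunsAsSystem = $_.StartName -match '^(LocalSystem|NT AUTHORITY\\SYSTEM)$'
                DocumentRoot = $docRoot
                # True for values such as C:, C:/ or C:\
                RootIsDrive  = [bool]($docRoot -match '^[A-Za-z]:[\\/]*$')
            }
        }
}

Get-ApacheServiceExposure | Format-Table -AutoSize
```

A row with both RunsAsSystem and RootIsDrive set to True matches the situation the reply asks about: the files are being read by the service account, not by the restricted user.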