RE: [Full-Disclosure] MS Windows Screensaver Privilege Escalation
- To: "Matthew Walker" <mattofak@xxxxxxxxx>, <full-disclosure@xxxxxxxxxxxxxxxx>
- Subject: RE: [Full-Disclosure] MS Windows Screensaver Privilege Escalation
- From: "Stuart Fox (DSL AK)" <StuartF@xxxxxxxxxxxxx>
- Date: Thu, 25 Nov 2004 17:13:28 +1300
>
> On Windows XP all releases, when you replace, or change the
> screensaver displayed on the login screen with a specially
> crafted version designed to execute programs, those programs
> are launched under the SYSTEM SID, i.e. they are given
> automatically the highest access level available to Windows.
> This level is not accessible even to administrators.
>
> This flaw is important because while one would need Power
> User privileges or above to change the Login Screensaver, by
> default, any user with the exception of guest can replace the
> login screensaver file with a modified version. In theory,
> any determined user could execute ANYTHING with SYSTEM
> privileges. A similar flaw exists in Win2K, but Microsoft
> has ignored it.
>
Interesting when read in the context of this:
http://support.microsoft.com/default.aspx?scid=kb;en-us;221991&sd=tech
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
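
A defender-side check for the condition the quoted report describes, added here as an example and not part of the original thread: it lists every non-administrative principal that can modify or replace the logon screensaver file or its parent directory. Assumptions not stated in the thread: the logon screensaver is read from the `SCRNSAVE.EXE` value under `HKEY_USERS\.DEFAULT\Control Panel\Desktop`, the trusted principals are SYSTEM, Administrators and TrustedInstaller, and PowerShell 3.0 or later is available.

```powershell
# Added example (not from the thread): who can modify the logon screensaver?
# Assumption: the logon screensaver is the SCRNSAVE.EXE value below.
$key = 'Registry::HKEY_USERS\.DEFAULT\Control Panel\Desktop'
$scr = (Get-ItemProperty -Path $key -ErrorAction SilentlyContinue).'SCRNSAVE.EXE'
if (-not $scr) { Write-Output 'No logon screensaver configured.'; return }

# A bare file name is resolved relative to System32.
$path = [Environment]::ExpandEnvironmentVariables($scr)
if (-not [IO.Path]::IsPathRooted($path)) {
    $path = Join-Path $env:SystemRoot "System32\$path"
}

# Principals expected to hold write access (assumed trust list).
$trusted = @(
    'S-1-5-18',      # NT AUTHORITY\SYSTEM
    'S-1-5-32-544',  # BUILTIN\Administrators
    'S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464'  # TrustedInstaller
)

# Rights that allow changing or replacing the file. ACEs can also carry raw
# GENERIC_ALL (0x10000000) or GENERIC_WRITE (0x40000000) bits, which the
# FileSystemRights enum does not name, so they are added to the mask by value.
$named = 'Write, Delete, DeleteSubdirectoriesAndFiles, ChangePermissions, TakeOwnership'
$mask  = [int][System.Security.AccessControl.FileSystemRights]$named
$mask  = $mask -bor 0x10000000 -bor 0x40000000

$sidType  = [System.Security.Principal.SecurityIdentifier]
$findings = foreach ($target in @($path, (Split-Path -Parent $path))) {
    if (-not (Test-Path -LiteralPath $target)) { continue }
    $acl = Get-Acl -LiteralPath $target
    # Explicit and inherited ACEs, with identities returned as SIDs.
    foreach ($ace in $acl.GetAccessRules($true, $true, $sidType)) {
        $sid = $ace.IdentityReference.Value
        if ($ace.AccessControlType -ne 'Allow' -or $trusted -contains $sid) { continue }
        if ([int]$ace.FileSystemRights -band $mask) {
            [pscustomobject]@{
                Target = $target
                Sid    = $sid
                Rights = $ace.FileSystemRights
                Owner  = $acl.Owner
            }
        }
    }
}

if ($findings) { $findings | Format-Table -AutoSize }
else { Write-Output "No untrusted write access found on $path or its directory." }
```

Any row in the output is a principal outside the trust list that can alter what runs at the logon screen; the `Owner` column matters as well, because a file's owner can always rewrite its permissions.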