Am 21.05.2014 19:39, schrieb Tavis Ormandy: > 1. The users who do not have Administrator privileges; These users > cannot exploit this issue, because they can't write to C:\ > 2. The users who do have Administrator privileges. These users can > write to C:\, but why bother, they're already Administrators? you just don't understand the problem creating "C:\Program.exe" with whatever permissions should not lead in any random installer ist executing that > Of course, this changes if someone can demonstrate how to create > C:\Program.exe without Administrator access you just don't understand the problem the existence of "C:\Program.exe" must not have any bad affect for any random installer not intending to execute this and the fact a installer executes that because it simply exists shows a *general flaw* in that installer
Attachment:
signature.asc
Description: OpenPGP digital signature
_______________________________________________ Sent through the Full Disclosure mailing list http://nmap.org/mailman/listinfo/fulldisclosure Web Archives & RSS: http://seclists.org/fulldisclosure/