Home page logo
/

bugtraq logo Bugtraq mailing list archives

Re: NT Login Default Folder Vulnerability
From: dim () XS4ALL NL (Dimitry Andric)
Date: Wed, 7 Jul 1999 12:02:30 +0200


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 06-07-99 at 11:56 Ben Greenbaum wrote:

When a user logs into an NT machine, there are a few processes that
are
started automatically, including explorer.exe. These programs are
normally
in %winroot% or %winroot%\system32. The problem is that NT will look
for
these programs first in the user's home directory.

This is ultimately caused by the fact that in MS-DOS, Windows and NT,
"." has always implicitly been the first entry in the PATH. And when
NT starts up an executable, the current directory is initially set to
the user's home directory...

Cheers,
/Dim
- --
Dimitry Andric <dim () xs4all nl>
PGP key: http://www.xs4all.nl/~dim/dim.asc
KeyID: 4096/1024-0x2E2096A3
Fingerprint: 7AB4 62D2 CE35 FC6D 4239  4FCD B05E A30A 2E20 96A3

-----BEGIN PGP SIGNATURE-----
Version: Encrypted with PGP Plugin for Calypso
Comment: http://www.gn.apc.org/duncan/stoa_cover.htm

iQA/AwUBN4MXn7BeowouIJajEQKJtQCfTelelgKHbOwhMydvy/bJM5Q3ZNkAn2vE
f/Xrss1EciwP1LRol91++GDi
=DEs4
-----END PGP SIGNATURE-----


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]