Nmap Security Scanner
*Intro
*Ref Guide
*Install Guide
*Download
*Changelog
*Book
*Docs
Security Lists
*Nmap Hackers
*Nmap Dev
*Bugtraq
*Full Disclosure
*Pen Test
*Basics
*More
Security Tools
*Pass crackers
*Sniffers
*Vuln Scanners
*Web scanners
*Wireless
*Exploitation
*Packet crafters
*More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:

bugtraq logo Bugtraq mailing list archives

mIRC bug?
From: "Shustrik" <root () shustrik com>
Date: Sun, 2 Dec 2001 19:06:22 +0200
Hello, BugTraq readers!

I have recently started using mIRC's DDE feature, which allows DDE messaging
between its instances and other software. At first I was quite pleased with
this feature until I thought about the security implications of it under a
multi-user system (such as Windows 2000 Professional that I am using). This
is what I did:

1) Launched one copy of mIRC with an enabled DDE Server under an
Administrative account.
2) Launched another one under a Guest account using the RunAs service.
3) Wrote /dde mIRC command "" /run c:\program files\internet
explorer\iexplore.exe in the second (Guest) client.
4) Internet Explrer was launched under the administrative account.

This enables different users sharing one machine to overtake each other's
accounts if mIRC is running with a DDE Server (this option is enabled by
default). I would be grateful if someone tested this with Windows 2000
Terminal Server or Windows XP with Switch User function enabled.

Shustrik.
mailto:root () shustrik com

  By Date           By Thread  

Current thread:
  • mIRC bug? Shustrik (Dec 02)
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]