Full Disclosure: Re[2]: MS Windows Screensaver Privilege Escalation

[3APA3A <3APA3A () SECURITY NNOV RU>]

Dear Stuart Fox (DSL AK),

--Thursday, November 25, 2004, 7:13:28 AM, you wrote to mattofak () gmail com:

SFDA> Interesting when read in the context of this:

SFDA> http://support.microsoft.com/default.aspx?scid=kb;en-us;221991&sd=tech

It  was different problem and it was really security bug. Usually user's
screensaver  is executed with user's privileges. Under Windows NT if DOS
program  (for  example  command.com) was specified as screensaver it was
executed with SYSTEM privileges. It was bug and it was patched.

Logon  screensaver  is  screensaver  configured  for .DEFAULT user. Only
Administrators  can change screensaver options for this users. Yes, it's
executed  by  system  with SYSTEM privileges. By design, Power Users can
change  any  system file - it makes it possible for Power User to change
file  for  any system service, logon screensaver, etc. It's not security
bug, it's expected behaviour for Power User's group.

-- 
~/ZARAZA
Есть там версии Отелло, где Дездемона душит Мавра. (Лем)

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html