From gregory.lebras@security-corp.org Thu Feb 20 20:39:25 2003 From: "[iso-8859-1] Grégory Le Bras | Security Corporation" To: full-disclosure@lists.netsys.com Date: Wed, 19 Feb 2003 21:33:59 +0100 Subject: [Full-Disclosure] [SCSA-004] Vulnerability in Microsoft Windows XP [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] .: Vulnerability in Microsoft Windows XP :. ________________________________________________________________________ Security Corporation Security Advisory [SCSA-004] ________________________________________________________________________ PROGRAM: Windows XP HOMEPAGE: http://www.microsoft.com VULNERABLE VERSIONS: Professionnel & Home ________________________________________________________________________ DESCRIPTION ________________________________________________________________________ Windows XP Microsoft is a operating system of the multinationnale Microsoft DETAILS ________________________________________________________________________ A vulnerability was found allowing an user of a restricted session to have access to private files belonging to any user of the machine, also the administrators. EXPLOIT ________________________________________________________________________ The exploit is very simple, it is enough to install a httpd Server such as ©Apache. Put them on the disc where Windows Microsoft is installed as resources of the server. Connect you to the following address: http://localhost/ The index of the disc thus appears to the screen. You can then cross the directory /documents and Setting/ and so to reach the private files. SOLUTIONS ________________________________________________________________________ Compress files mattering with a password. VENDOR STATUS ________________________________________________________________________ The vendor has reportedly been notified ------------------------------------------------------------ Tristan aka Timus | http://www.Security-Corp.org ------------------------------------------------------------ _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html