Windows NT4.0/2000 Unspecified Executable Path Exploit Vulnerability

SecurityFocus has an advisory on an interesting new Windows exploit. The issue is that certain executables do not have a complete path specified in the registry, and Windows searches for them in a specific order (which starts with the current directory, then the current directory of the parent process, then SYSTEM, Windows and then PATH).

The programs affected by this include little things like explorer.exe and several system DLLs.

This leads to the obvious conclusion that trojan programs are alarmingly easy to implement: if you need to run something of your own, install it as explorer.exe and have it run from the current directory.

This exploit does require some local privileges to pull off, but unfortunately about a hundred other exploits grant local privileges. Combine the exploits and this is a major issue.
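As an added illustration (not code from the SecurityFocus advisory or this post), the following Python script simulates the lookup order described above and audits registry-style command strings for executables that are named without a full path, which is the configuration an administrator would want to find and fix. The directory names, registry values and file list are constructed; the real advisory names explorer.exe but does not give these particular entries.

```python
import ntpath
import re

# Lookup order exactly as the post states it: current directory, current directory
# of the parent process, the system directory, the Windows directory, then each
# PATH entry. Directory names passed in are assumed/constructed.
def search_order(cwd, parent_cwd, system_dir, windows_dir, path_dirs):
    return [cwd, parent_cwd, system_dir, windows_dir, *path_dirs]

def is_fully_qualified(path):
    """True for 'C:\\...' or '\\\\server\\share\\...' paths; False for a bare name
    or a drive-relative name such as 'C:explorer.exe'."""
    drive, rest = ntpath.splitdrive(path)
    return bool(drive) and rest.startswith(("\\", "/"))

def resolve(exe, dirs, present):
    """Simulate where an executable reference is satisfied. `present` is a set of
    lower-cased paths standing in for the files on disk (constructed sample)."""
    if is_fully_qualified(exe):
        return exe if exe.lower() in present else None
    for d in dirs:                      # first directory in the order that has the file wins
        candidate = ntpath.join(d, exe)
        if candidate.lower() in present:
            return candidate
    return None

def is_unqualified_command(command, env):
    """Flag a registry command string whose executable is not given a full path.
    Handles quoted paths with arguments and %VAR% references expanded from `env`."""
    cmd = command.strip()
    exe = cmd[1:].split('"', 1)[0] if cmd.startswith('"') else cmd.split(" ", 1)[0]
    exe = re.sub(r"%(\w+)%", lambda m: env.get(m.group(1).lower(), m.group(0)), exe)
    return not is_fully_qualified(exe)

def audit(entries, env):
    """Return the names of registry values that would rely on the search order."""
    return [name for name, cmd in entries.items() if is_unqualified_command(cmd, env)]

if __name__ == "__main__":
    env = {"systemroot": r"C:\WINNT"}          # constructed environment
    entries = {                                # constructed sample registry values
        "Shell": "Explorer.exe",
        "Userinit": r"C:\WINNT\system32\userinit.exe,",
        "Backup": r'"C:\Program Files\Backup\agent.exe" /quiet',
        "Helper": r"%SystemRoot%\system32\helper.exe",
    }
    print("values without a full path:", audit(entries, env))
    dirs = search_order(r"C:\Temp", r"C:\WINNT\system32", r"C:\WINNT\system32",
                        r"C:\WINNT", [r"C:\WINNT\system32", r"C:\WINNT"])
    present = {r"c:\winnt\explorer.exe", r"c:\temp\explorer.exe"}
    print("explorer.exe resolves to:", resolve("explorer.exe", dirs, present))
```

Only the "Shell" value is flagged in the sample, and with a copy of explorer.exe in the current directory the unqualified name resolves there before the Windows directory is ever consulted.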

See the SecurityFocus story for further detail.