Security issues with Compaq Easy Access Keyboard software ------------------------------------------------------------------------ SUMMARY Compaq's Easy Access Keyboard software version 1.3 contains a bug that allows a privilege escalation on the local machine or domain. DETAILS Vulnerable systems: Compaq's Easy Access Keyboard software version 1.3 Immune systems: Compaq's Easy Access Keyboard software version 1.5.1 The Easy Access Keyboard software is used to provide the functionality of the custom buttons on the keyboards that ship with their iPaq desktops. The default for most of the buttons is to launch the default browser and load a specified web site. However, due to a bug in the software, these custom keys function even if the NT/Win2K workstation is locked via Ctrl-Alt-Del, Lock Workstation. Closing all application, locking the workstation, pressing one of the custom buttons, and unlocking the workstation can demonstrate this. You will find a browser process has been launched, even though the workstation was locked when you pressed the button. To add to the problem, a malicious user can modify the function of these buttons via a network share. Modifying the file "\program files\compaq\easy access keyboard\global.kmp" changes the function of the custom buttons. Thus, it would be possible for a user of the local machine to compromise the machine remotely. Since the software runs under the context of the interactive user, this would provide a privilege escalation possibility if the interactive user is a domain admin. Solution: Compaq has fixed the problem in version 1.5.1, which can be downloaded at: <http://www.compaq.com/support/files/desktops/us/download/9068.html> http://www.compaq.com/support/files/desktops/us/download/9068.html -- Eko Sulistiono MIKRODATA & AntiVirus Media Web: http://www.mikrodata.co.id/ WAP: http://www.mikrodata.co.id/wap/index.wml This message contains no viruses. Guaranteed by AVP. ------------------------------------------------------------------------ Forum Komunikasi Penulis-Pembaca MIKRODATA (FKPPM) Informasi : http:[EMAIL PROTECTED] Arsip : http://www.mail-archive.com/forum%40mikrodata.co.id/ WAP : http://mikrodata.co.id/wap/index.wml Milis ini menjadi kontribusi beberapa rubrik yang diasuh tim MIKRODATA. Termasuk rubrik-rubrik yang ada di media lain. Memakai, Menyebarluaskan, dan Memperbanyak software bajakan adalah tindakan kriminal. Please check with the latest AVP update before you ask about virus: ftp://mikrodata.co.id/avirus_&_security/AntiViral_Toolkit_Pro/avp30.zip
