> On Windows XP all releases, when you replace, or change the
> screensaver displayed on the login screen with a specially
> crafted version designed to execute programs, those programs
> are launched under the SYSTEM SID, i.e. they are given
> automatically the highest access level available to Windows.
> This level is not accessible even to administrators.
>
> This flaw is important because while one would need Power
> User privileges or above to change the Login Screensaver, by
> default, any user with the exception of guest can replace the
> login screensaver file with a modified version. In theory,
> any determined user could execute ANYTHING with SYSTEM
> privileges. A similar flaw exists in Win2K, but Microsoft
> has ignored it.
>
Interesting when read in the context of this:
http://support.microsoft.com/default.aspx?scid=kb;en-us;221991&sd=tech

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
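
An added example, not part of the original posts: a PowerShell audit of the condition described in the quoted report, listing accounts other than SYSTEM and Administrators that can overwrite or replace the logon-screen screensaver binary. It assumes the logon screensaver is named by the `SCRNSAVE.EXE` value under `HKEY_USERS\.DEFAULT\Control Panel\Desktop`; the function name and the trusted-SID list are choices made for this example.

```powershell
# Added example: who can replace the screensaver shown on the logon screen?
# Assumption: it is set by SCRNSAVE.EXE under HKU\.DEFAULT\Control Panel\Desktop.
function Get-RiskyWriteAce {
    param([Parameter(Mandatory)][string]$Path)
    # Principals expected to hold write access (assumed list; extend as needed).
    $trusted = 'S-1-5-18', 'S-1-5-32-544'   # SYSTEM, BUILTIN\Administrators
    $rights  = [System.Security.AccessControl.FileSystemRights]
    $mask    = [int]($rights'WriteData, AppendData, Delete, DeleteSubdirectoriesAndFiles, ChangePermissions, TakeOwnership')
    # Generic rights can show up unmapped: GENERIC_WRITE and GENERIC_ALL.
    $mask    = $mask -bor 0x40000000 -bor 0x10000000
    $inheritOnly = [System.Security.AccessControl.PropagationFlags]::InheritOnly

    foreach ($ace in (Get-Acl -Path $Path).Access) {
        if ($ace.AccessControlType -ne 'Allow') { continue }
        # Inherit-only ACEs do not apply to the object being checked.
        if ($ace.PropagationFlags -band $inheritOnly) { continue }
        if (([int]$ace.FileSystemRights -band $mask) -eq 0) { continue }
        $sid = $ace.IdentityReference.Translate(
            [System.Security.Principal.SecurityIdentifier]).Value
        if ($trusted -contains $sid) { continue }
        [pscustomobject]@{
            Path     = $Path
            Identity = $ace.IdentityReference.Value
            Sid      = $sid
            Rights   = $ace.FileSystemRights
        }
    }
}

$key = 'Registry::HKEY_USERS\.DEFAULT\Control Panel\Desktop'
try {
    $scr = (Get-ItemProperty -Path $key -Name 'SCRNSAVE.EXE' -ErrorAction Stop).'SCRNSAVE.EXE'
} catch {
    Write-Output 'No logon screensaver is configured under HKU\.DEFAULT.'
    return
}

# The value may be a bare file name; resolve it against System32.
$scr = [Environment]::ExpandEnvironmentVariables($scr)
if (-not [IO.Path]::IsPathRooted($scr)) {
    $scr = Join-Path (Join-Path $env:SystemRoot 'System32') $scr
}

# A file can be replaced through its own ACL or through its parent directory.
$targets = @($scr, (Split-Path -Parent $scr)) | Where-Object { Test-Path $_ }
$targets | ForEach-Object { Get-RiskyWriteAce -Path $_ } | Format-Table -AutoSize
```

Any row in the output is an account that could swap the file that runs as SYSTEM at the logon screen; an empty result means only the trusted principals hold write access.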
