[17393] in bugtraq
Re: Windows (me) printer sharing vulnerability
daemon@ATHENA.MIT.EDU (Slawek)
Fri Oct 27 17:06:02 2000
Mime-Version: 1.0
Content-Type: text/plain; charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
Message-Id: <007101c0400f$87ee4380$0201a8c0@telsatgp.com.pl>
Date: Fri, 27 Oct 2000 14:15:01 +0200
Reply-To: Slawek <sgp@TELSATGP.COM.PL>
From: Slawek <sgp@TELSATGP.COM.PL>
X-To: Pedram Amini <pedram.amini@TULANE.EDU>
To: BUGTRAQ@SECURITYFOCUS.COM
Thursday, October 26, 2000 4:18 AM +0200, Pedram Amini wrote:
[snip]
> Replacing any of these files or adding files to the list will cause them
to
> be transferred to a client if they choose to install your printer (or in
the
> case of Windows ME automatically). Paths are preserved on file transfers.
> Ex: from SYSTEM to SYSTEM and from SYSTEM\color to SYSTEM\color. So big
> deal, you can put a trojan on the clients machine but how can you execute
> it? This is the part that I can't find a solid answer to. To the best of
my
> knowledge files can only be placed in the SYSTEM folder or its subfolders.
>
> Here are some of the ideas I came up with given this limitation:
[snip]
Every VxD placed in SYSTEM\vmm32 is automatically loaded and executed on
system bootup.
Hope this helps ;)
Slawek
