[31034] in bugtraq
ZH2003-5SA (security advisory): Windows beta webserver for pocket
daemon@ATHENA.MIT.EDU (G00db0y)
Mon Aug 4 15:49:46 2003
Date: 2 Aug 2003 21:19:49 -0000
Message-ID: <20030802211949.5926.qmail@www.securityfocus.com>
Content-Type: text/plain
Content-Disposition: inline
Content-Transfer-Encoding: binary
MIME-Version: 1.0
From: G00db0y <G00db0y@zone-h.org>
To: bugtraq@securityfocus.com
ZH2003-5SA (security advisory): Windows beta webserver for pocket pc: full
remote access.
Published: 03/08/2003
Released: 03/08/2003
Name: Windows beta webserver for pocket pc: full remote access
Issue: Remote attackers have full access to pocket pc.
Author: G00db0y & SyS64738
Contact us: G00db0y@zone-h.org & admin@zone-h.org
Vendor: www.microsoft.com
Description
***********
Zone-h Security Team has discovered a security flaw in
Windows beta webserver for pocket pc.
Details
*******
As announced by SyS64378 at his Defcon speech.
The default installation of windows beta webserver allows an attacker to
gain full remote access without authentication simply logging to
http://attacked_host/admin
The vendor has been notified and confirmed the vulnerability.
The product has been taken away from Microsoft website and will soon be
replaced with a patched version.
Suggestions:
************
Disinstall it from your pocket pc.
G00db0y - SyS64738 www.zone-h.org admins
Original advisory here: http://www.zone-h.org/en/advisories/read/id=2808/
