exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New

windowsWhoops.txt

windowsWhoops.txt
Posted Oct 13, 2004
Authored by Bipin Gautam | Site geocities.com

A fluke in NTFS permission handling allows files to be locked even from an administrator, disallowing virus scanners to access it, etc.

tags | advisory, virus
SHA-256 | 3f19ca6c44da8f3ce435dfc9b60fe34f575b52abd7e3fecdd081f2f790c04eae

windowsWhoops.txt

Change Mirror Download
All Antivirus, Trojan, Spy ware scanner, Nested file
manual scan bypass bugs. [Part IV]

Risk Level: Medium
Affected Product: (Should be) all Antivirus, Trojan,
Spy ware scanners for windows.

Description:
------------

A malicious code can reside in a computer (with users
privilage) bypassing "manual scans" of any
Antivirus, Trojan & Spy ware scanners by simply
issuing this command to itself.

cacls hUNT.exe /T /C /P dumb_user:R

...this is only due to the design fault in Microsoft
Windows, the way it handles NTFS permission.By this
way... any software’s with even Admin./SYSTEM
privilege can't access this file (hUNT.exe) normally
because the only person who has normal access to this
file is "dumb_user"

No wonder, there are several false assumptions in
windows security configuration as well, when a JOE
administrator could permenantly lock himself up in his
own machine.

regards,
Bipin Gautam
http://www.geocities.com/visitbipin




Disclaimer: The information in the advisory is
believed to be accurate at the time of printing based
on currently available information. Use of the
information constitutes acceptance for use in an AS IS
condition. There are no warranties with regard to this
information. Neither the author nor the publisher
accepts any liability for any direct, indirect or
consequential loss or damage arising from use of, or
reliance on this information.



__________________________________
Do you Yahoo!?
Yahoo! Mail Address AutoComplete - You start. We finish.
http://promotions.yahoo.com/new_mail

Login or Register to add favorites

File Archive:

October 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Oct 1st
    39 Files
  • 2
    Oct 2nd
    23 Files
  • 3
    Oct 3rd
    18 Files
  • 4
    Oct 4th
    20 Files
  • 5
    Oct 5th
    0 Files
  • 6
    Oct 6th
    0 Files
  • 7
    Oct 7th
    0 Files
  • 8
    Oct 8th
    0 Files
  • 9
    Oct 9th
    0 Files
  • 10
    Oct 10th
    0 Files
  • 11
    Oct 11th
    0 Files
  • 12
    Oct 12th
    0 Files
  • 13
    Oct 13th
    0 Files
  • 14
    Oct 14th
    0 Files
  • 15
    Oct 15th
    0 Files
  • 16
    Oct 16th
    0 Files
  • 17
    Oct 17th
    0 Files
  • 18
    Oct 18th
    0 Files
  • 19
    Oct 19th
    0 Files
  • 20
    Oct 20th
    0 Files
  • 21
    Oct 21st
    0 Files
  • 22
    Oct 22nd
    0 Files
  • 23
    Oct 23rd
    0 Files
  • 24
    Oct 24th
    0 Files
  • 25
    Oct 25th
    0 Files
  • 26
    Oct 26th
    0 Files
  • 27
    Oct 27th
    0 Files
  • 28
    Oct 28th
    0 Files
  • 29
    Oct 29th
    0 Files
  • 30
    Oct 30th
    0 Files
  • 31
    Oct 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2024 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close