Bugtraq mailing list archives
Re: NT Login Default Folder Vulnerability
From: dim () XS4ALL NL (Dimitry Andric)
Date: Wed, 7 Jul 1999 12:02:30 +0200
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On 06-07-99 at 11:56 Ben Greenbaum wrote:
When a user logs into an NT machine, there are a few processes that
are
started automatically, including explorer.exe. These programs are
normally
in %winroot% or %winroot%\system32. The problem is that NT will look
for
these programs first in the user's home directory.
This is ultimately caused by the fact that in MS-DOS, Windows and NT, "." has always implicitly been the first entry in the PATH. And when NT starts up an executable, the current directory is initially set to the user's home directory... Cheers, /Dim - -- Dimitry Andric <dim () xs4all nl> PGP key: http://www.xs4all.nl/~dim/dim.asc KeyID: 4096/1024-0x2E2096A3 Fingerprint: 7AB4 62D2 CE35 FC6D 4239 4FCD B05E A30A 2E20 96A3 -----BEGIN PGP SIGNATURE----- Version: Encrypted with PGP Plugin for Calypso Comment: http://www.gn.apc.org/duncan/stoa_cover.htm iQA/AwUBN4MXn7BeowouIJajEQKJtQCfTelelgKHbOwhMydvy/bJM5Q3ZNkAn2vE f/Xrss1EciwP1LRol91++GDi =DEs4 -----END PGP SIGNATURE-----
Current thread:
- NT Login Default Folder Vulnerability Ben Greenbaum (Jul 06)
- Re: NT Login Default Folder Vulnerability wazza () ARO EE CIT AC NZ (Jul 06)
- Re: NT Login Default Folder Vulnerability Dimitry Andric (Jul 07)
- <Possible follow-ups>
- Re: NT Login Default Folder Vulnerability Russ (Jul 06)