Re: Windows (me) printer sharing vulnerability

[Slawek <sgp () TELSATGP COM PL>]

oops, sorry for answering to my own post


Friday, October 27, 2000 2:15 PM +0200, Slawek wrote:
> Every VxD placed in SYSTEM\vmm32 is automatically loaded and executed on
> system bootup.


It's not the way I've said here. I just remembered bootstrap VxD loader
cound be abused and it could, in fact, but not that way.


Every VxD that is mentioned in the registry (in some place, don't care where
for now) is loaded at bootstrap, but some of them are placed in VMM32.VxD

If a VxD is present is SYSTEM\vmm32 and in VMM32.VxD then system loads it
from SYSTEM\vmm32

It is not marked in the registry if the file should be loaded from a
separate file or from the VMM32.VxD


So we just need to make a copy of one of the system's VxDs from VMM32.VxD
and place it's trojaned version in SYSTEM\vmm32


Now I hope I'm correct,
Slawek