Bugtraq mailing list archives
Re: Windows (me) printer sharing vulnerability
From: Slawek <sgp () TELSATGP COM PL>
Date: Fri, 27 Oct 2000 23:44:11 +0200
oops, sorry for answering to my own post Friday, October 27, 2000 2:15 PM +0200, Slawek wrote:
Every VxD placed in SYSTEM\vmm32 is automatically loaded and executed on system bootup.
It's not the way I've said here. I just remembered bootstrap VxD loader cound be abused and it could, in fact, but not that way. Every VxD that is mentioned in the registry (in some place, don't care where for now) is loaded at bootstrap, but some of them are placed in VMM32.VxD If a VxD is present is SYSTEM\vmm32 and in VMM32.VxD then system loads it from SYSTEM\vmm32 It is not marked in the registry if the file should be loaded from a separate file or from the VMM32.VxD So we just need to make a copy of one of the system's VxDs from VMM32.VxD and place it's trojaned version in SYSTEM\vmm32 Now I hope I'm correct, Slawek
Current thread:
- Windows (me) printer sharing vulnerability Pedram Amini (Oct 27)
- Re: Windows (me) printer sharing vulnerability Slawek (Oct 28)
- Re: Windows (me) printer sharing vulnerability Slawek (Oct 30)
- Re: Windows (me) printer sharing vulnerability Robert Graham (Oct 28)
- Re: Windows (me) printer sharing vulnerability Slawek (Oct 28)