Bugtraq mailing list archives
RE: Execution Rights Not Checked Correctly For 16-bit Applications
From: "Vigneau, Steve" <steve.vigneau () eds com>
Date: Wed, 18 Sep 2002 16:39:00 -0400
I wasn't able to duplicate this on a Windows 2000 SP3 box. I think it may have been fixed there, seeing as this document was written before SP3 was released.

--Steve

-----Original Message-----
From: Torbjörn Hovmark [mailto:torbjorn.hovmark () abtrusion com]
Sent: Wednesday, September 18, 2002 1:35 PM
To: bugtraq () securityfocus com
Subject: Execution Rights Not Checked Correctly For 16-bit Applications

A 16-bit executable file can be loaded for execution even though the file is flagged with execute permission denied.

Platforms: Windows NT, 2000, XP

Overview:
Windows NT/2000/XP do not check execution rights correctly before allowing 16-bit executables to load. This makes it possible to load and execute 16-bit files without execute permission. For example, the command line

    COMMAND /c 16BitApp.exe

will always run the application 16BitApp.exe regardless of execute permission. Any application or system setup that depends on access control lists to protect from remote or local code execution is potentially vulnerable.

Background:
For a background discussion and more detailed instructions of how to reproduce, see http://www.abtrusion.com/msexe16.asp

Workaround:
Disable NTVDM.EXE. It is possible to do this by denying everyone EXECUTE permission for NTVDM.EXE. Please note that this will disable all 16-bit programs.

Status:
The bug was reported to Microsoft on July 2, 2002. Microsoft plans to fix this bug in future service packs.

Vendor Statement:
Microsoft wants to make the following statement: "Microsoft will fix this and Microsoft feels that a service pack is the most appropriate way to address this issue."

______________________________________
Abtrusion Security AB
http://www.abtrusion.com
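
Added example (not part of either message, and not Abtrusion's or Microsoft's code): a PowerShell check for the workaround described in the advisory, reporting whether Everyone is denied execute on NTVDM.EXE and adding the deny entry when run with -Apply. It assumes NTVDM.EXE is at %SystemRoot%\System32\ntvdm.exe, that PowerShell is installed (it postdates the platforms named in the advisory), and that the account running it may change the file's ACL; the -Apply switch is a name chosen for this example.

```powershell
# Added example: audit, and optionally apply, the advisory's NTVDM.EXE workaround.
# Assumption: NTVDM.EXE lives at %SystemRoot%\System32\ntvdm.exe.
param([switch]$Apply)   # -Apply is a hypothetical switch name for this example

$path = Join-Path $env:SystemRoot 'System32\ntvdm.exe'
if (-not (Test-Path $path)) {
    Write-Output "ntvdm.exe not found at $path; nothing to restrict."
    return
}

# S-1-1-0 is the well-known SID for Everyone; using it avoids localized group names.
$everyone = New-Object System.Security.Principal.SecurityIdentifier 'S-1-1-0'
$execute  = [System.Security.AccessControl.FileSystemRights]::ExecuteFile
$deny     = [System.Security.AccessControl.AccessControlType]::Deny

# Read explicit and inherited ACEs, with identities returned as SIDs.
$acl   = Get-Acl -Path $path
$rules = $acl.GetAccessRules($true, $true, [System.Security.Principal.SecurityIdentifier])

$denied = $false
foreach ($r in $rules) {
    $hitsExecute = (($r.FileSystemRights -band $execute) -eq $execute)
    if ($r.AccessControlType -eq $deny -and
        $r.IdentityReference.Value -eq 'S-1-1-0' -and $hitsExecute) {
        $denied = $true
    }
}

if ($denied) {
    Write-Output "OK: Everyone is denied execute on $path (16-bit programs are disabled)."
}
elseif ($Apply) {
    # Add only a deny-execute ACE; existing entries are left unchanged.
    $rule = New-Object System.Security.AccessControl.FileSystemAccessRule($everyone, $execute, $deny)
    $acl.AddAccessRule($rule)
    Set-Acl -Path $path -AclObject $acl
    Write-Output "APPLIED: deny-execute for Everyone added to $path."
}
else {
    Write-Output "MISSING: no deny-execute entry for Everyone on $path. Re-run with -Apply to add it."
}
```

As the advisory notes, applying the entry disables all 16-bit programs on the machine.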