Sorry if this has been brought up before, I searched the archives and
didnt find anything.
Problem: Autorun runs even when passworded screensaver is active.
Scenario: Burn a CD-ROM with whatever program you want to run on the
passworded machine, put it in autorun.inf, and just put it in the machine,
this can be used to run and do just about anything, one more reason not to
rely on microsoft for your security :)
I dont suppose this is actually an exploit, but it's exploitable on 80% of
the machines running Windows since not a whole lot of people turn autorun
off, a few friends had a great time going to wal-mart, popping the CD in,
removing the screen savers and a password utility they had on there, then
having full access, this could easily be used to walk over to a machine,
pop a disk in drive A, have it autorun a batch file on the CD to copy
say, Turbo Tax documents, Quicken, (you get the idea :)
Matt Hallacy, poptix@Efnet
This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 13:54:19 PDT