This is not only on Windows 95. I believe it occurs on all Win32s. It is known and there have been previous messages about this subject and shared files which are readable. Try: \\win9xserver\PRINTER$ Currently, I have READ access to my x:\windows\system\ directory on my Windows 98 box in this share... "oops" Please read: http://www.securityfocus.com/templates/archive.pike?list=1&date=1998-10-29&msg=CB6657D3A5E0D111A97700805FFE65875D79CA@RED-MSG-51 For more information. x-empt Luis Martin-Santos wrote: > > Hi to all the comunity! > > First of all , this is my first Post to the bugtraq , and > wish it is not the last one. Letīs see the possible hole. > > I was running some Windows 95 OSR2.1 Machines on a local > network when I decided to share the NEC Pinwriter printer > in PC1. I Checked on "Allow other users to share my > printers" and reseted to the changes took part. > > After all the process done , I tried to install the shared > printer in the PC2 and , for my surprise , I found that the > drivers from the Printer where DOWNLOADED from PC1 . This > can allow a Print Server to execute Arbitrary Code on any > machine. > > Since .DRV and .DLL are binary files with integrated > Printer API Calls , malicious user has only to wrap the > Print call in the DLL and insert his/her code instead of > the original one . Note that no user restrictions are used > on w9x , so that code could execute any kind of service or > program . Even a Visual Basic DLL could exploit this > vulnerability. > > Well , I have contributed with my part . Hope you all > find either a way to install a printer remotely on W95/98 > or a way to fix this problem :)) > > Bye > > webmasterat_private
This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 14:56:37 PDT