Hi, As I understand it the unicode vulnerability allows the attacker to run commands under the IUSR_Machine context. My question is this, given that Nimda attempts to add the user Guest to the local administrators group it must also perform some sort of Local priviledge escalation as this operation would not be possible by the IUSR_machine account. Does this make sense or am I missing something. Regards, Ross. - Ross Bushby Network Security Consultant Real Solutions. Tel:0208 3914080 Units B&C, Oakcroft Business Centre, Fax:0208 391 4081 Oakcroft Rd, Chessington Web:http://www.cardinal.co.uk Surrey, KT9 1RH E-mail: Ross_bushbyat_private ---------------------------------------------------------------------------- This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com
This archive was generated by hypermail 2b30 : Wed Sep 19 2001 - 08:37:49 PDT