FREE Registration is required
Overview:
On Windows 2000, the default permissions provide the Everyone group with Full access (Everyone:F) on the system root folder (typically, C:\). In most cases, the system root is not in the search path. However, under certain conditions for instance, during logon or when applications are invoked directly from the Windows desktop via Start | Run it can be. This situation gives rise to a scenario that could enable an attacker to mount a Trojan horse attack against other users of the same system, by creating a program in the system root with the same name as some commonly used program, then waiting for another user to subsequently log onto the system and invoke the program. The Trojan horse program would execute with the users own privileges, thereby enabling it to take any action that the user could take. The simplest attack scenario would be one in which the attacker knew that a particular system program was invoked by a logon script. In that case, the attacker could create a Trojan horse with the same name as the system program, which would then be executed by the logon script the next time someone logged onto the system. Other scenarios almost certainly would require significantly greater user interaction for instance, convincing a user to start a particular program via Start | Run and would necessitate the use of social engineering.
(Is this item miscategorized? Does it need more tags? Let us know.)
| Format: | Software | ||
| Date: | Oct 2002 | Version: | Q327522 |
| License: | Update | ||
| Platform: | Windows | ||
| System Req: | Windows 2000 |
Top results from Spyware Removers
 |
Brightfilter Parental Control 2009 2.1.0.1 (Windows) |
|
Spyware Doctor 2010 7.0.0.508 (Windows) |
|
Norton 360 3.0 (Windows) |
|
Parent Cyber Alert 4.30 (Windows) |
|
Webroot Spy Sweeper 6.1 (Windows) |
White Papers, Webcasts, and Resources
- Windows Phones and Unified Communications MicrosoftGain a more solid understanding of UC, why it’s essential for your business today, and what makes Windows phones ideal for secure UC environments.
- Enterprise and Web 2.0 application support in a modern mainframe environment IBMSee how IBM WebSphere Portal software can help you develop a Web presence based on individual needs while unlocking value for customers and employees.
- IBM Lotus Sametime Demo: Real-time. Right Now. IBMIBM Lotus Sametime software helps you keep pace with your real-time work environment through market-leading, award-winning enterprise instant messaging and Web conferencing capabilities.
Premier Vendor Content Whitepapers, webcasts & resources from our Power Center Sponsors
- The best support in the Linux business
-
If Linux is going to power your mission-critical applications, you'd better have the best support known to business. Novell was rated the top provider of Linux technical support.
- Learn more >>
- Keep Up With The Latest In Document Management with The DocuMentor.
-
Doc delivers the scoop on today's enterprise content management, printer maintenance, and all other issues related to document management. It's the DocuMentor Blog.
- Learn more >>
- New Online Dashboard for IT Leaders
-
Read about top issues IT decision-makers face every day, plus get cost-effective solutions to real-life IT problems.
- Learn more >>
Meet Doc
-
-
Here to help you with your Document Management Needs
- Doc is an enigma. Born to a Russian ballerina and a German electrical engineer, he grew up in various locations in the United States. He’s seen the insides of more brands, versions, and generations of printer and printer-related hardware than almost anyone.
- To learn more about this mysterious figure check out his blog on ZDNet and his Workspace on TechRepublic. You’ll be glad you did.
-
Produced by
ZDNet and -
