quincy
07-24-2005, 09:33 PM
Slashdot linked (http://hardware.slashdot.org/article.pl?sid=05/07/24/069210&tid=172&tid=137) to this article on eWeek (http://www.eweek.com/article2/0,1895,1840141,00.asp) which describes a buffer-overflow vulnerability that would allow a person with physical access to your machine (enough to plug in a USB device) to get admininstrator access to it.
According to the article, there are a number of standard drivers built-in to Windows known to have buffer-overflow vulnerabilities. A user who wants access to a Windows 2000 or XP machine could program a USB memory stick to pose as a device with the driver vulnerability. This will trigger the loading of the flawed driver (as a system level user) and open up the system for the buffer-overflow exploit.
Read the article for more about this issue and what can be done about it.
Quincy (http://quincy.cabell.org/)
According to the article, there are a number of standard drivers built-in to Windows known to have buffer-overflow vulnerabilities. A user who wants access to a Windows 2000 or XP machine could program a USB memory stick to pose as a device with the driver vulnerability. This will trigger the loading of the flawed driver (as a system level user) and open up the system for the buffer-overflow exploit.
Read the article for more about this issue and what can be done about it.
Quincy (http://quincy.cabell.org/)