3APA3A has discovered a weakness in Microsoft Windows, which can be exploited by malicious, local users to gain knowledge of certain information.
The problem is caused due to the "ReadDirectoryChangesW()" API not taking into consideration the permissions of sub-directories when monitoring directories. This can be exploited to e.g. disclose file names in protected sub-directories.
Successful exploitation requires that the protected files are in a sub-directory where the parent directory is accessible by the attacker.
The weakness is confirmed on fully-patched Windows XP SP2 and Windows Server 2003 systems. Microsoft Windows 2000 and Vista are also reported to be affected.
Solution: Grant only trusted users access to the system.
Provided and/or discovered by: 3APA3A
Original Advisory: http://lists.grok.org.uk/pipermail/full-disclosure/2007-February/052613.html
Do you have additional information related to this advisory?
Please provide information about patches, mitigating factors, new versions, exploits, faulty patches, links, and other relevant data by posting comments to this Advisory. You can also send this
information to firstname.lastname@example.org
Subject: Microsoft Windows Directory Monitoring Information Disclosure Weakness
No posts yet
You must be logged in to post a comment.
Secunia Customer Login
Not a customer already?
Learn more about how our market leading Vulnerability Management solutions can help you manage risk and ensure compliance.