Windows 2000/XP PostMessage Password Disclosure

Secunia Advisory: SA8329
Release Date: 2003-03-18
Popularity: 15,101 views
Critical: Less critical
Impact: Exposure of sensitive information
Where: Local system
Solution Status: Unpatched
OS: Microsoft Windows 2000 Advanced Server, Microsoft Windows 2000 Datacenter Server, Microsoft Windows 2000 Professional, Microsoft Windows 2000 Server, Microsoft Windows XP Home Edition, Microsoft Windows XP Professional

Description:
An information disclosure vulnerability has been identified in Windows 2000 and Windows XP, which can be exploited by a malicious local user to gain knowledge of sensitive information.

The vulnerability is caused by an access control error in the Windows API, which allows a program using the PostMessage function to send EM_SETPASSWORDCHAR messages to the message queue of dialog boxes owned by other processes. This can be exploited to disclose masked passwords by constructing a password-revealing program.

Programs of this kind were previously known for other versions of Windows, but did not exist for Windows 2000/XP, since the SendMessage function exploited in those programs was secured in Windows 2000/XP.

About this Secunia Advisory

Please note: The information that this Secunia Advisory is based on comes from a third party unless stated otherwise.
Secunia collects, validates, and verifies all vulnerability reports issued by security research groups, vendors, and others.