Microsoft Zero Administration Kit ZAK 1.0 and Office97 Backdoor Vulnerability

ID EDB-ID:19144
Type exploitdb
Reporter Satu Laksela
Modified 1999-01-07T00:00:00


Microsoft Zero Administration Kit (ZAK) 1.0 and Office97 Backdoor Vulnerability. CVE-1999-1431. Local exploit for windows platform


Zero Administration Kit (ZAK) was designed to allow administrators to (among other things) lock down the NT environment and restrict the user's access to certain applications and system functions.

In an instance where the end-user is not allowed to execute Windows Explorer and other "forbidden applications" (ie Quake), the following workaround was noted:

Open Word or Excel.

Select File:Open. Right click on the background of the File:Open window. A prompt will appear that will allow the user to select "Browse". Browse will open Windows Explorer.

Assuming the user has write access to the temp directory, create a special directory in temp and copy in the executables of the forbidden applications to this directory. These applications can now be executed and will circumvent the policies established by ZAK.