Vulners
Lucene search
Microsoft Windows NT 4.0 Recycle Bin Pre-created Folder Vulnerability
Microsoft Windows NT 4.0/SP1/SP2/SP3/SP4/SP5/SP6 Recycle Bin Pre-created Folder Vulnerability
source: http://www.securityfocus.com/bid/963/info
When an NT user uses the Recycle Bin for the first time on a given partition, a folder is created in the \Recycler folder on that partition with the name of the new folder set to the user's SID. When this happens, appropriate permissions are set to prevent other users from accessing files in that folder. However, if that folder does not yet exist, a local attacker can create it, set arbitrary permissions, and then later access any files deleted by the user. The files themselves will retain their original permissions, but if the attacker gives him/herself Full Access to the user's Recycler folder they can overwrite files with arbitrary content.
This vulnerability only applies to NTFS partitions, as there is no local access control on any files on a FAT partition.
This exploit will create a range of folders in th e\Recyycler folder of the selected partition, with names based on projected SID numbers erived from the user's own SID.
Usage: RecyclerSnooper #_of_folders driveletter
Example: RecyclerSnooper 200 C
http://www.exploit-db.com/sploits/19739.exe
Data
Build on a solid foundation with Vulners data
We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data
Api
Power your application with Vulners API
The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access
App
Assess and manage vulnerabilities with Vulners tools
Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation
01 Jul 2014 00:00Current
7.1High risk
Vulners AI Score7.1