BugTraq
Back to list
|
Post reply
ZH2003-5SA (security advisory): Windows beta webserver for pocket pc: full remote access.
Aug 02 2003 09:19PM
G00db0y (G00db0y zone-h org)
ZH2003-5SA (security advisory): Windows beta webserver for pocket pc: full
remote access.
Published: 03/08/2003
Released: 03/08/2003
Name: Windows beta webserver for pocket pc: full remote access
Issue: Remote attackers have full access to pocket pc.
Author: G00db0y & SyS64738
Contact us: G00db0y (at) zone-h (dot) org [email concealed] & admin (at) zone-h (dot) org [email concealed]
Vendor: www.microsoft.com
Description
***********
Zone-h Security Team has discovered a security flaw in
Windows beta webserver for pocket pc.
Details
*******
As announced by SyS64378 at his Defcon speech.
The default installation of windows beta webserver allows an attacker to
gain full remote access without authentication simply logging to
http://attacked_host/admin
The vendor has been notified and confirmed the vulnerability.
The product has been taken away from Microsoft website and will soon be
replaced with a patched version.
Suggestions:
************
Disinstall it from your pocket pc.
G00db0y - SyS64738 www.zone-h.org admins
Original advisory here: http://www.zone-h.org/en/advisories/read/id=2808/
[ reply ]
Privacy Statement
Copyright 2010, SecurityFocus
ZH2003-5SA (security advisory): Windows beta webserver for pocket pc: full
remote access.
Published: 03/08/2003
Released: 03/08/2003
Name: Windows beta webserver for pocket pc: full remote access
Issue: Remote attackers have full access to pocket pc.
Author: G00db0y & SyS64738
Contact us: G00db0y (at) zone-h (dot) org [email concealed] & admin (at) zone-h (dot) org [email concealed]
Vendor: www.microsoft.com
Description
***********
Zone-h Security Team has discovered a security flaw in
Windows beta webserver for pocket pc.
Details
*******
As announced by SyS64378 at his Defcon speech.
The default installation of windows beta webserver allows an attacker to
gain full remote access without authentication simply logging to
http://attacked_host/admin
The vendor has been notified and confirmed the vulnerability.
The product has been taken away from Microsoft website and will soon be
replaced with a patched version.
Suggestions:
************
Disinstall it from your pocket pc.
G00db0y - SyS64738 www.zone-h.org admins
Original advisory here: http://www.zone-h.org/en/advisories/read/id=2808/
[ reply ]