Gravity Storm Service Pack Manager 2000 Directory Permissions Vulnerability

An issue has been reported in Gravity Storm Service Pack Manager, which allows the everyone group read and write permissions to the System32 directory.

Reportedly, this occurs when the Service Pack Manger is installed. A hidden share is created which is mapped to the local drive. As a result, local users could gain access to this share with read and write permissions.

It should be noted that the 'C:\winnt\system32\repair' directory, has only been reported to allow read access.


 

Privacy Statement
Copyright 2010, SecurityFocus