User:Dgeerts/DontLookAtMe
Revision as of 13:27, 4 July 2011 by Dgeerts@nikhef.nl (talk | contribs)
Able to run arbitrary executables on Windows Terminal server
- Type: Local arbitrary code execution
- Status: Not fixed
Microsoft Windows' bootloader by default checks the header of the executable it is given, to determine whether it is an EXE, BAT or COM file, and automatically runs it as the proper type. The current configuration on the Nikhef Windows Terminal Server blocks the loading of arbitrary EXE and COM files, but not arbitrary BAT files. Thus, by renaming the file extension from EXE to BAT, this security feature is circumvented, and the executable executed.