SmartStuff FoolProof Security Program Restriction Bypass Vulnerability
BID:2089
Info
SmartStuff FoolProof Security Program Restriction Bypass Vulnerability
| Bugtraq ID: | 2089 |
| Class: | Design Error |
| CVE: |
CVE-2001-0030 |
| Remote: | No |
| Local: | Yes |
| Published: | Dec 09 2000 12:00AM |
| Updated: | Jul 11 2009 03:56AM |
| Credit: | Reported to bugtraq by Bryan Hughes <[email protected]> on 8 Dec 2000. |
| Vulnerable: |
SmartStuff FoolProof Security 3.9 |
| Not Vulnerable: | |
Discussion
SmartStuff FoolProof Security Program Restriction Bypass Vulnerability
A vulnerability exists in SmartStuff's FoolProof Security for Windows 9x/Me.
The application, which is designed to restrict the executables which can be run on a (usually public) workstation, can be circumvented by downloading (ie, via FTP) and renaming a copy of the disallowed executable.
As a result, a user can execute programs, such as format, fdisk, etc., which were not intended to be run on the affected system.
A vulnerability exists in SmartStuff's FoolProof Security for Windows 9x/Me.
The application, which is designed to restrict the executables which can be run on a (usually public) workstation, can be circumvented by downloading (ie, via FTP) and renaming a copy of the disallowed executable.
As a result, a user can execute programs, such as format, fdisk, etc., which were not intended to be run on the affected system.
Exploit / POC
SmartStuff FoolProof Security Program Restriction Bypass Vulnerability
Currently the SecurityFocus staff are not aware of any publicly available exploits for this vulnerability. If you feel we are in error or are aware of more recent information, please mail us at: [email protected].
Currently the SecurityFocus staff are not aware of any publicly available exploits for this vulnerability. If you feel we are in error or are aware of more recent information, please mail us at: [email protected].
Solution / Fix
SmartStuff FoolProof Security Program Restriction Bypass Vulnerability
Solution:
Currently the SecurityFocus staff are not aware of any vendor supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected].
Solution:
Currently the SecurityFocus staff are not aware of any vendor supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected].
References
SmartStuff FoolProof Security Program Restriction Bypass Vulnerability
References:
References: