ZH2003-5SA (security advisory): Windows beta webserver for pocket pc: full 

remote access.





Published: 03/08/2003



Released: 03/08/2003



Name: Windows beta webserver for pocket pc: full remote access



Issue: Remote attackers have full access to pocket pc. 



Author: G00db0y & SyS64738



Contact us: G00db0y@zone-h.org & admin@zone-h.org



Vendor: www.microsoft.com



Description



***********



Zone-h Security Team has discovered a security flaw in 

Windows beta webserver for pocket pc. 







Details



*******

As announced by SyS64378 at his Defcon speech.



The default installation of windows beta webserver allows an attacker to

gain full remote access without authentication simply logging to 

http://attacked_host/admin





The vendor has been notified and confirmed the vulnerability.

The product has been taken away from Microsoft website and will soon be 

replaced with a patched version.







Suggestions:



************



Disinstall it from your pocket pc.





G00db0y - SyS64738 www.zone-h.org admins



Original advisory here: http://www.zone-h.org/en/advisories/read/id=2808/