|
Vulnerable Products:=0D =0D Outpost Firewall Pro ver. 3.51.759.6511 (462)=0D =0D And Lavasoft Personal Firewall ver. 1.0.543.5722 (433)=0D =0D =0D =0D Summary of problem: The firewall runs its windows under a SYSTEM context.=0D =0D A user with lower privileges than SYSTEM could locate the (open folder) control on some=0D =0D of these windows, terminate the explorer.exe process and then click on the (open folder) control=0D =0D to open a SYSTEM owned explorer shell logging in right over the top of the previous user!=0D =0D for details see: =0D =0D http://www.ben.goulding.com.au/secad.html=0D =0D =0D