CVE-1999-1400
CVSS 2.1
Published: 1999-06-03 00:00:00
Last revised: 2016-10-17 22:04:04

[Original] The Economist screen saver 1999 with the "Password Protected" option enabled allows users with physical access to the machine to bypass the screen saver and read files by running Internet Explorer while the screen is still locked.


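[CNNVD] Vulnerability in the Economist screen saver (CNNVD-199906-008)

        A vulnerability exists in the Economist screen saver 1999 when the "Password Protected" option is enabled. A user with physical access to the machine can bypass the screen saver and read files by running Internet Explorer while the screen is still locked.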

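- CVSS (base score)

CVSS score: 2.1 [LOW]
Confidentiality impact: PARTIAL [information disclosure is likely]
Integrity impact: NONE [no impact on system integrity]
Availability impact: NONE [no impact on system availability]
Attack complexity: LOW [no access restrictions on exploitation]
Attack vector: LOCAL [exploitation requires physical access or a local account]
Authentication: NONE [exploitation requires no authentication]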

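- CPE (affected platforms and products)

Product and version information (CPE) is not yet available

- OVAL (technical details for detection)

No related OVAL definition found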

- Official database links

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-1999-1400
(official data source) MITRE
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-1999-1400
(official data source) NVD
http://www.cnnvd.org.cn/vulnerability/show/cv_cnnvdid/CNNVD-199906-008
(official data source) CNNVD

- Other links and resources

http://archives.indenial.com/hypermail/ntbugtraq/1999/June1999/0007.html
(VENDOR_ADVISORY)  NTBUGTRAQ  19990603 Huge Exploit in NT 4.0 SP5 Screensaver with Password Protection Enabled
http://archives.indenial.com/hypermail/ntbugtraq/1999/June1999/0009.html
(VENDOR_ADVISORY)  NTBUGTRAQ  19990603 Re: Huge Exploit in NT 4.0 SP5 Screensaver with Password Protection Enabled.
http://marc.info/?l=ntbugtraq&m=92851653600852&w=2
(UNKNOWN)  NTBUGTRAQ  19990604 Official response from The Economist re: 1999 Screen Saver
http://www.securityfocus.com/bid/466
(UNKNOWN)  BID  466

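- Vulnerability information

Vulnerability in the Economist screen saver
Low risk  Access validation error
1999-06-03 00:00:00 2005-10-20 00:00:00
Local
        A vulnerability exists in the Economist screen saver 1999 when the "Password Protected" option is enabled. A user with physical access to the machine can bypass the screen saver and read files by running Internet Explorer while the screen is still locked.

- Advisories and patches

        This vulnerability may have been fixed in the latest release of the Economist screen saver.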

- Vulnerability information

13511
Economist Screen Saver 1999 Password Protection Bypass
Physical Access Required

- Vulnerability description

Unknown or Incomplete

- Timeline

1999-06-03 Unknown
Unknown Unknown

- Solution

Unknown or Incomplete

- Related references

- Vulnerability author

Unknown or Incomplete

- Vulnerability information

Economist Screen Saver Vulnerability
Access Validation Error 466
No Yes
1999-06-03 12:00:00 2009-07-11 12:56:00
This vulnerability was reported to NTBugtraq by Ed Walsh <walsh@bwater.com>.

- Affected software versions

Microsoft Windows NT 4.0
+ Microsoft Windows NT Enterprise Server 4.0
+ Microsoft Windows NT Server 4.0
+ Microsoft Windows NT Terminal Server 4.0
+ Microsoft Windows NT Workstation 4.0
Microsoft Windows 98
Microsoft Windows 95

- Vulnerability discussion

The Economist 99 screen saver application (available from http://www.economist.com) may be configured to allow unauthorized users to access system resources without a password, even though the screen saver has been set to require NT user authentication. If the Password Protected checkbox has been enabled, it is still possible to launch Internet Explorer. Using IE, it is possible to browse local system resources and launch various applications.

If the screen saver is running under the context of the logged-on console user, the attacker will only have access to resources to which the logged-on console user has access.

- Exploit

When the Economist screen saver is active, open Internet Explorer. Within Explorer, it is possible to access system resources.

- Solution

This vulnerability may have been fixed in the latest release of the Economist screen saver.

- Related references
