Backdoor in R.I Soft Systems 4th of July Screensaver

A back door exists in the 4th of July Fireworks demo screensaver from Rhode Island Soft Systems.

Ken Pfeil

July 5, 2001

1 Min Read
ITPro Today logo in a gray background | ITPro Today

Reported July 5, 2001, by KenPfeil.

VERSION AFFECTED

 

  • Rhode Island Soft Systems’ 4th of July Fireworks demo screensaver for Windows 2000, Windows NT, and Windows 9x

 

DESCRIPTION
A back door exists in the 4thof July Fireworks demo screensaver from Rhode Island Soft Systems. Bypressing the space bar on the keyboard, it's possible to circumvent thescreensaver's lock workstation function. A malicious user can make the defaultWeb browser appear with the Rhode Island Soft System Web site by using thesecurity context of the currently logged-on user. From there, the attacker canrun explorer.exe in the browser’s address window to get the desktop and to runany other program under this context. A malicious user can also exploit thisvulnerability remotely through Windows 2000 Terminal Services Advanced Client(formerly known as Terminal Services Web Client). 

 

VENDOR RESPONSE

Thevendor, Rhode Island SoftSystems, was notified about this vulnerability, but doesn't intend torelease a fix for this issue. To work around this problem, a user can uninstallthe demo screensaver software.

 

CREDIT
Discovered by SteveJohns.

Sign up for the ITPro Today newsletter
Stay on top of the IT universe with commentary, news analysis, how-to's, and tips delivered to your inbox daily.

You May Also Like