Reported December 8, 2000 by Bryan Hughes

VERSIONS AFFECTED
  • FoolProof Desktop Security

DESCRIPTION

A vulnerability has been identified in FoolProof Desktop Security. The software restricts certain programs by their common executable file name only: a restricted program is recognized by what it is called, not by what it contains, so a renamed copy is not recognized as restricted.

By default, FoolProof does not prevent command.com from being launched. From the command prompt, a malicious user can use the command-line FTP client supplied by default in Windows 9x installations to download copies of restricted programs, such as xcopy.exe, that have simply been renamed to something else. Because the restriction keys on the file name, the renamed copies are not blocked.

DEMONSTRATION

For example, if a malicious user places a copy of xcopy.exe on an FTP server under a different name, such as xxx.exe, and downloads it with the FTP client, FoolProof does not prevent the user from launching the renamed program.
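The following is an added example and is not code from the advisory or from FoolProof. It reproduces the scenario above on a constructed pair of files: the same "executable" bytes stored once as xcopy.exe and once as xxx.exe. A name-keyed blocklist, which is how the advisory describes FoolProof's restriction, passes the renamed copy; a content-keyed (SHA-256) blocklist catches both. The blocklist contents, the stand-in executable bytes and the two policy functions are all assumptions made for this demonstration.

```python
"""Name-based vs. content-based program restriction (added example).

Constructed for this advisory; nothing here is FoolProof's own logic.
"""
import hashlib
import os
import tempfile

# Constructed blocklist in the style the advisory describes: keyed on the
# common executable name only.
BLOCKED_NAMES = {"xcopy.exe", "ftp.exe", "command.com"}

# Constructed stand-in for the bytes of xcopy.exe. A real deployment would
# hash the genuine binaries it wants to restrict.
XCOPY_BYTES = b"MZ\x90\x00 constructed stand-in for xcopy.exe"


def name_policy_allows(path):
    """Name-keyed check: blocked only if the basename is on the list."""
    return os.path.basename(path).lower() not in BLOCKED_NAMES


def sha256_of(path):
    """SHA-256 of a file's contents, read in chunks."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def hash_policy_allows(path, blocked_hashes):
    """Content-keyed check: blocked if the file's hash is on the list,
    whatever the file happens to be called."""
    return sha256_of(path) not in blocked_hashes


def demo():
    """Write the same bytes as xcopy.exe and as xxx.exe (the renamed copy an
    attacker would fetch over FTP) and evaluate both policies on each.
    Returns {policy: {filename: allowed?}}."""
    with tempfile.TemporaryDirectory() as d:
        real = os.path.join(d, "xcopy.exe")
        renamed = os.path.join(d, "xxx.exe")
        for p in (real, renamed):
            with open(p, "wb") as f:
                f.write(XCOPY_BYTES)
        # The hash blocklist is built from the genuine (correctly named) binary.
        blocked_hashes = {sha256_of(real)}
        return {
            "name_policy": {
                "xcopy.exe": name_policy_allows(real),
                "xxx.exe": name_policy_allows(renamed),
            },
            "hash_policy": {
                "xcopy.exe": hash_policy_allows(real, blocked_hashes),
                "xxx.exe": hash_policy_allows(renamed, blocked_hashes),
            },
        }


if __name__ == "__main__":
    for policy, results in demo().items():
        for name, allowed in results.items():
            print(f"{policy:12s} {name:10s} {'ALLOWED' if allowed else 'blocked'}")
```

The name policy allows xxx.exe, which is exactly the advisory's bypass; the hash policy blocks it because the content is unchanged by the rename. The stronger form of the same idea is an allowlist of hashes (or of signed binaries) rather than a blocklist, since a blocklist can also be defeated by a binary the defender never hashed.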

VENDOR RESPONSE

The vendor has been contacted, but no response has been received. Until a fix is available, it is recommended that users reconfigure FoolProof Desktop Security to deny access to the command prompt (command.com). FTP clients, including the command-line client shipped with Windows 9x, should also be restricted. Note that these are mitigations rather than a fix: because the restriction is keyed on file names, any other route by which a user can bring a renamed executable onto the machine bypasses it in the same way.

CREDIT
Discovered by
Bryan Hughes