[Am-info] Windows beta webserver for pocket pc: full remote access.
Fred A. Miller
fmiller@lightlink.com
Mon, 4 Aug 2003 16:03:24 -0400
ZH2003-5SA (security advisory): Windows beta webserver for pocket pc: full=
=20
remote access.
Published: 03/08/2003
Released: 03/08/2003
Name: Windows beta webserver for pocket pc: full remote access
Issue: Remote attackers have full access to pocket pc.=20
Author: G00db0y & SyS64738
Contact us: G00db0y@zone-h.org & admin@zone-h.org
Vendor: www.microsoft.com
Description
***********
Zone-h Security Team has discovered a security flaw in=20
Windows beta webserver for pocket pc.=20
Details
*******
As announced by SyS64378 at his Defcon speech.
The default installation of windows beta webserver allows an attacker to
gain full remote access without authentication simply logging to=20
http://attacked_host/admin
The vendor has been notified and confirmed the vulnerability.
The product has been taken away from Microsoft website and will soon be=20
replaced with a patched version.
Suggestions:
************
Disinstall it from your pocket pc.
G00db0y - SyS64738 www.zone-h.org admins
Original advisory here: http://www.zone-h.org/en/advisories/read/id=3D2808/
=2D-=20
Planet Earth - a subsidiary of Microsoft=AE.
We have no bugs in our software, Never!,=20
We do have undocumented added features,
that you will find amusing, at no added cost,=20
to you, at this time.