RE: How vulnerable is a 'Limited" account on XP?

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

More often than not the real issues is one of 'privilege escalation' attempts, or is your question more related to the 'user context' relationship between malicious code infections and access control limitations associated with a non-privileged account?

• - Brad Bemis
• -----Original Message----- From: Bernie Cosell [mailto:bernie@fantasyfarm.com] Sent: Tuesday, July 08, 2003 10:08 AM To: VULN-DEV@securityfocus.com Subject: How vulnerable is a 'Limited" account on XP?

I've been wondering: are there exploits/vulnerabilities that can burrow into a system through a limited account on XP? I've tried playing around a little bit [but I'm really not very much of an XP-hacker] and it sure seems hard to get a toehold on the system from my limited account. With the entire system drive essentially read-only, and with its not being able to mess with ADMIN or SYSTEM processes, I wonder just how vulnerable XP is... [for example, I"ve been tempted (but too chicken) to try intentionally infecting myself with one or another of the email-borne viruses just to see how far they could penetrate into my system].

  /Bernie\

• -- Bernie Cosell Fantasy Farm Fibers mailto:bernie@fantasyfarm.com Pearisburg, VA
  --> Too many people, too few sheep <--
  

-----BEGIN PGP SIGNATURE-----
Comment: KeyID: 0xB8F26ADD
Comment: Fingerprint: 6E1C D617 CD65 A203 7FD5 4C68 90E7 39F4 B8F2 6ADD

iQA/AwUBPwxLPpDnOfS48mrdEQL0DgCg1J7Qp4P24Udzg2yOkyjDyj+hG10An3Wn 9QaLfC/7tAib6Jv6paQPd1lb
=8DVO
-----END PGP SIGNATURE----- Received on Fri Jul 11 16:54:09 2003