Backdoor in "Living Waterfalls Screensavers" by Rhode Island Soft Systems
Soft Systems. By pressing the space bar on the keyboard, it's possible to circumvent the screensaver's lock workstation function.
A malicious user can make the default Web browser appear with the RI Soft System Web site by using the security context of the currently logged-on user. From there, the attacker can run explorer.exe in the browser?s address window to get the desktop and to run any other program under this context. A malicious user can also exploit this vulnerability remotely through Windows 2000 Terminal Services Advanced Client (formerly known as Terminal Services Web Client)....
Backdoor in R.I. Soft Systems Living Waterfalls Screensaver
VERSIONS AFFECTED
Rhode Island Soft Systems? Living Waterfalls demo screensaver for Windows 2000, Windows NT, and Windows 9x
VENDOR RESPONSE
The vendor, Rhode Island Soft Systems, was notified and doesn't intend to release a fix for this issue. To work around this vulnerability, a user can uninstall the screensaver software.
CREDIT
Discovered by Steve Johns.
SNP.