C:\ProgramData is where "secure" SYSTEM processes go to die.
-
-
Yikes...typically I see DACL overwrites on log files, but running service binaries from there with no lockdown is bad..
-
Program Files is OK because software installed there gets sane ACLs by default through inheritance. ProgramData, on the other hand, requires that the installed software explicitly do the sane thing. So yeah, ProgramData is where the dragons live.
End of conversation
New conversation -
-
-
This is not "WebExec", right? 'cause that vuln had 3 versions: Original, Reloaded and Revolutions!!
But it wasn't in %Programdata% (or %ALLUSERSPROFILE%) -
If you refer to the screenshot, the EXE is in C:\ProgramData\..., and is writable by normal users.
- 1 more reply
New conversation -
Loading seems to be taking a while.
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.