Emerald Editor Discussion
May 24, 2017, 04:33:50 pm *
Welcome, Guest. Please login or register.
Did you miss your activation email?

Login with username, password and session length
News:
 
   Home   Help Search Login Register  
Pages: [1]
  Print  
Author Topic: Please update to the latest version (>= 286)  (Read 26025 times)
0 Members and 1 Guest are viewing this topic.
Pvt_Ryan
Master Jeweller
******
Posts: 422



WWW
« on: April 05, 2010, 12:30:52 pm »

A security flaw has been discovered in the dictionary loading function which could allow a carefully formed dictionary file to run malicious code.

It is low risk as it does involve the attacker to first replace one of the 2 existing files with the malicious one.

Regards,


Ryan
« Last Edit: April 05, 2010, 12:32:49 pm by Pvt_Ryan » Logged
eichertc
Prospector
*
Posts: 1


« Reply #1 on: June 04, 2010, 10:58:05 am »

If I understand well the attacker can gain administrator rights by manipulating a dictionary file of a guest user for example?
Logged
Pvt_Ryan
Master Jeweller
******
Posts: 422



WWW
« Reply #2 on: June 07, 2010, 09:21:21 am »

No.
The bug would allow the attacker to run whatever code they want from within CE, so it would run under whatever account CE is running as with the same rights as that account. CE runs with the highest privilege level that account has so in a lot of cases it would have admin rights.

So

XP user who is admin = CE is admin
XP User without admin = CE is user
Vista/7 user that can become admin = CE is admin
Vista/7 user that cannot become admin = CE is user
Logged
BruceM
Prospector
*
Posts: 2


« Reply #3 on: July 01, 2011, 12:22:33 pm »

Thanx. Answer to this question actually brought me to this forum and made me register
Thanx again Smiley
Logged

Pages: [1]
  Print  
 
Jump to:  

Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2013, Simple Machines Valid XHTML 1.0! Valid CSS!
Page created in 0.164 seconds with 18 queries.