|
Microsoft WinNT 'Recycle Bin Creation' Vulnerability patch
-
Version
1
Under a very daunting set of conditions, a malicious user could create, delete or modify files in the Recycle Bin of another user who shared the machine. In most cases, the vulnerability would not allow the malicious user to read the files unless they already had read permission to do so. The Windows NT Recycle Bin for a given user maps to a folder, whose name is based on the owner's SID. The folder is created the first time the user deletes a file, and the owner is given sole permissions to it. However, if a malicious user could create the folder before the bona fide one were created, he or she could assign any desired permissions to it. This would allow him or her to create, modify or delete files in the Recycle Bin, but in most cases would not enable them to read files unless he or she already were able to.
|