Thread: Security issue
View Single Post
Old 01-26-2009, 11:59 AM   #65
rps
Registered
 
Join Date: Oct 2008

Posts: 57
Originally posted by Dale:
For the info of folks watching this thread - essentially all that script does is "http://www.serenescreen.com" (with the appropriate amount of fiddling to get the environment right).

This is clearly done in "user" context, after a correct password has been supplied.  
Ok, I have to ask: how does a process in the null session get a .js to launch in another session? It doesn't seem like that should even be possible under Windows' security rules.

~Ralph S.
rps is offline   Reply With Quote