||Home : Advisories : FoolProof Security vulnerability|
||FoolProof Security vulnerability
||10th December 2000
FoolProof Security is a desktop security application for Windows
95/98/ME. Its purpose is to block users from accessing all programs,
except those which are intended by the administrator. Additionally, it is
intended to allow the user to only save files to specific locations
(usually the floppy disk drive). FoolProof Security is usually found in
computer labs, or on publicly accessible systems.
A vulnerability exsists in FoolProof Security, in that it restricts
certain programs to be executed only by name. By renaming a restricted
program, it can be successfuly executed. This vulnerability can be used to
sucessfully circumvent the security measures put forth by FoolProof, and
even remove it entirely from the system.
The following is an example:
On a system with FoolProof Security installed open an MS-DOS Shell
(usually found in Start Menu -> Programs -> Accessories). ['COMMAND.EXE'
is not restricted by FoolProof.] At the command prompt issue the 'ftp'
command and open a connection to an ftp server in which you have write
access to. ['FTP.EXE' is not restricted by FoolProof.] Upload the
restricted program in which you wish to run. [such as 'deltree',
'xcopy', 'edit', 'fdisk', and 'format'.] Afterwords, download these
programs under a different name. [Use names other than those of restricted
programs. Names such as 'tmp001a.exe' work.] You will now be able to use
these programs, just as if they were the restricted equivilant.
Side Note: Although you can use this process to use 'regedit', the
registry is still locked by FoolProof.
A quick fix, would be the removal of the 'ftp' client (although it will
still be possible to download a simple ftp client that will do the same
Additionally, any shortcuts to 'command' should be removed, as this method
will not work without it.
FoolProof Security can be found at http://www.smartstuff.com.
Bryan A. Hughes