Ricci, That was an old vulnerability discovered in the NT4 days. All you had to do was create a batch file that did something nasty like adding a user account to the administrators group. Make it autorun on a CD and put it in a machine where someone was logged in as an administrator an voila!
That vulnerability was corrected a long time ago. Win2K/2k3 and XP do not have that issue. Roger McLaren Systems Analyst Ventura County Office of Education >>> <[EMAIL PROTECTED]> 5/8/2006 3:39:21 PM >>> Hello All, I'm conducting a security assessment and suddenly I got an interesting question. When I inserted an USB hard disk with screensaver turned on, I can see that my hard disk has been enabled and autoplay must have been executed. However, can an autorun program be executed when screensaver turned on? Is there any way that I can make the autorun executed even with screensaver turned on? Please advise. Thx. Ricci --------------------------------------------------------------------------- --------------------------------------------------------------------------- --------------------------------------------------------------------------- ---------------------------------------------------------------------------
