Thierry Zoller informed us about four possible privilege escalations in XAMPP for Windows. Thierry, thank you very much for notifying us of this problem.
The problem occurs if the installation path of XAMPP for Windows contains a blank character (as in C:\Program files\XAMPP) and a file named C:\Program.exe is created. In this case it is possible (for example) to catch the starting FileZilla service and have your own program (C:\Program.exe) started as a service instead.
To exploit this vulnerability, an attacker already needs full access to your C:\ directory in order to create the needed C:\Program.exe file.
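As an added example (not part of this advisory or of XAMPP itself), the following Python models the Windows rule the advisory relies on: an unquoted service command line containing spaces is ambiguous, and Windows tries each possible end of the file name in turn, appending ".exe" where no extension is given. The code lists the paths that would be tried ahead of the intended executable, and produces the quoted form that removes the ambiguity. The service names and ImagePath values are constructed samples.

```python
import ntpath

# Constructed sample service ImagePath values, not taken from the advisory.
SAMPLE_IMAGE_PATHS = {
    "FileZillaServer": r"C:\Program files\XAMPP\FileZillaFTP\FileZillaServer.exe",
    "Apache2": r'"C:\Program files\XAMPP\apache\bin\httpd.exe" -k runservice',
    "mysql": r"C:\xampp\mysql\bin\mysqld.exe --defaults-file=C:\xampp\mysql\bin\my.ini",
}


def split_command(image_path):
    """Split an ImagePath into (executable, arguments) as its author intended.

    Quoted: the executable is the quoted part. Unquoted: the executable ends at
    the first whitespace-delimited token that carries an .exe extension.
    """
    cmd = image_path.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end], cmd[end + 1:].strip()
    tokens = cmd.split()
    for i, tok in enumerate(tokens):
        if ntpath.splitext(tok)[1].lower() == ".exe":
            return " ".join(tokens[: i + 1]), " ".join(tokens[i + 1:])
    return cmd, ""


def hijack_points(image_path):
    """Paths Windows tries *before* the intended executable of an unquoted command.

    Every space in the unquoted path is a possible end of the file name; a
    candidate without an extension gets ".exe" appended. A file planted at any of
    these paths would be started with the service's privileges.
    """
    if image_path.strip().startswith('"'):
        return []  # quoting removes the ambiguity entirely
    exe, _ = split_command(image_path)
    tokens = exe.split()
    points = []
    for i in range(1, len(tokens)):  # every prefix shorter than the full path
        candidate = " ".join(tokens[:i])
        if not ntpath.splitext(candidate)[1]:
            candidate += ".exe"
        points.append(candidate)
    return points


def quote_image_path(image_path):
    """Hardened form: the executable in double quotes, arguments left untouched."""
    exe, args = split_command(image_path)
    return f'"{exe}" {args}'.rstrip()


def audit(image_paths):
    """Return {service: hijack points} for services with an ambiguous ImagePath."""
    return {name: pts for name, path in image_paths.items() if (pts := hijack_points(path))}
```

On a live system the same logic applies to the ImagePath values read from each service's registry key; quoting the executable as `quote_image_path` does is the fix the later betas of XAMPP apply.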
Thierry found three other scenarios in which this bug appears. For more details about this problem, please take a look at Thierry's blog.
Update May 9th 2006
The current Windows beta fixes two of the problems based on this bug. We expect the next beta soon, which will fix all four problems.
Update May 10th 2006
The new Windows beta now fixes all problems.