[il-talk] Critical security flaw in JAWS
Edwin Rodriguez
conibodyworks at gmail.com
Mon Oct 19 22:00:11 UTC 2009
Hay is this real?
I won't be trying it.
Hey Sam when you have a chance, call me;
787-586-7319.
Thanks
Edwin
----- Original Message -----
From: "Sam Joehl" <sam.joehl at ssbbartgroup.com>
To: "'developer'" <developer at ssbbartgroup.com>
Cc: <techexchange at freelists.org>; <promotion-technology at nfbnet.org>;
<il-talk at nfbnet.org>
Sent: Monday, October 19, 2009 8:15 AM
Subject: [il-talk] Critical security flaw in JAWS
By Tyler Spivey
I have found a critical security flaw in the JAWS Screen reader that
allows an attacker to gain full system-level access to
the machine. I have tested this on 32-bit Windows Vista
with JAWS 10.0.1154 and 32-bit Windows 7 with JAWS 11.0.611 Beta.
Instructions:
1. From the Windows logon screen with JAWS running, press insert+f2. Run
JAWS Manager will appear.
2. Select Settings Packager, and press ok. Settings Packager will open.
3. From Settings Packager, go to File menu > Open, or press ctrl+o.
4. In the open dialog, type "%windir%\system32\*.exe" into the file name
field (without the quotes) and press enter.
5. In the list of files, find cmd. Right click on it, or press the
applications key and select Run as Administrator.
A system-level command prompt should open. To get out of it, type exit and
press enter, then close the Settings Packager.
Update 2009-10-17: updated contact info with secondary email address.
Please send any mail there until this note is removed.
Contact information:
tyler Spivey
Email: <mailto:tspivey at pcdesk.net> tspivey8 at gmail.com, PGP key:
0×048C58A4
Twitter: tspivey
_______________________________________________
il-talk mailing list
il-talk at nfbnet.org
http://www.nfbnet.org/mailman/listinfo/il-talk_nfbnet.org
To unsubscribe, change your list options or get your account info for
il-talk:
http://www.nfbnet.org/mailman/options/il-talk_nfbnet.org/conibodyworks%40gmail.com
More information about the IL-Talk
mailing list