20th Feb 2003 [SBWID-6001]
COMMAND
	Priviledge escalation
SYSTEMS AFFECTED
	Windows XP
PROBLEM
	Thanks to Tristan aka Timus [http://www.Security-Corp.org] :
	
	 http://www.security-corp.org/advisories/SCSA-004-FR.txt
	
	A vulnerability was found allowing an user of a  restricted  session  to
	have access to private files belonging to any user of the machine,  also
	the administrators.
	 EXPLOIT
	 ________________________________________________________________________
	The exploit is very simple, it is enough to install a httpd Server  such
	as ŠApache. Put them on the disc where Windows  Microsoft  is  installed
	as resources of the server. Connect you to the following address:
	
	 http://localhost/
	
	The index of the disc thus appears to the screen.  You  can  then  cross
	the directory /documents and  Setting/  and  so  to  reach  the  private
	files.
SOLUTION
	?