CVE-2003-1233 Information

Description

Pedestal Software Integrity Protection Driver (IPD) 1.3 and earlier allows privileged attackers such as rootkits to bypass file access restrictions to the Windows kernel by using the NtCreateSymbolicLinkObject function to create a symbolic link to (1) \Device\PhysicalMemory or (2) to a drive letter using the subst command.

Reference

http://archives.neohapsis.com/archives/bugtraq/2003-01/0017.html http://archives.neohapsis.com/archives/bugtraq/2003-01/0018.html http://secunia.com/advisories/7816 http://www.phrack.org/show.php?p=59&a=16 http://www.securityfocus.com/bid/6511 https://exchange.xforce.ibmcloud.com/vulnerabilities/10979