DNS Servers
??? C7. Backup Software
??? C8. Security, Enterprise, and Directory Management Servers
??? Network Devices
??? N1. VoIP Servers and Phones
??? N2. Network and Other Devices Common Configuration Weaknesses
??? Security Policy and Personnel
??? H1. Excessive User Rights and Unauthorized Devices
??? H2. Users (Phishing/Spear Phishing)
??? Special Section
??? Z1. Zero Day Attacks and Prevention Strategies
One vulnerability is a Trojan horse that can be spread through various types of
Microsoft Office files and programmer kits. The Trojan horse??™s reported name is
syosetu.doc. If a user logs in as an administrator on a system and the attacker exploits
this vulnerability, the attacker can take complete control over the system working under
the context of an administrator. The attacker can then delete data, install malicious code,
create new accounts, and more. If the user logs in under a less powerful account type, the
attacker is limited to what she can carry out under that user??™s security context.
A vulnerability in PowerPoint allowed attackers to install a key-logging Trojan horse
(which also attempted to disable antivirus programs) onto computers that executed a
specially formed slide deck.
Pages:
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142