VULHUB ™

Any user without administrative or power user privileges is capable of reading a complete listing of all known files and their physical locations on a NT system running WQuinn DiskAdvisor 4.1 by running a report through this particular application. This also includes a read out of administrative shares. However, the exploit does not grant the user the capability to read the contents of the files. Update (October 17, 2000): Although it was stated in the Delphis advisory that QuotaAdvisor was susceptible to this vulnerability, it is actually the product DiskAdvisor that is vulnerable.

Any user without administrative or power user privileges is capable of reading a complete listing of all known files and their physical locations on a NT system running WQuinn DiskAdvisor 4.1 by running a report through this particular application. This also includes a read out of administrative shares. However, the exploit does not grant the user the capability to read the contents of the files. Update (October 17, 2000): Although it was stated in the Delphis advisory that QuotaAdvisor was susceptible to this vulnerability, it is actually the product DiskAdvisor that is vulnerable.