VULHUB ™

When an NT user uses the Recycle Bin for the first time on a given partition, a folder is created in the \Recycler folder on that partition with the name of the new folder set to the user's SID. When this happens, appropriate permissions are set to prevent other users from accessing files in that folder. However, if that folder does not yet exist, a local attacker can create it, set arbitrary permissions, and then later access any files deleted by the user. The files themselves will retain their original permissions, but if the attacker gives him/herself Full Access to the user's Recycler folder they can overwrite files with arbitrary content. This vulnerability only applies to NTFS partitions, as there is no local access control on any files on a FAT partition.

When an NT user uses the Recycle Bin for the first time on a given partition, a folder is created in the \Recycler folder on that partition with the name of the new folder set to the user's SID. When this happens, appropriate permissions are set to prevent other users from accessing files in that folder. However, if that folder does not yet exist, a local attacker can create it, set arbitrary permissions, and then later access any files deleted by the user. The files themselves will retain their original permissions, but if the attacker gives him/herself Full Access to the user's Recycler folder they can overwrite files with arbitrary content. This vulnerability only applies to NTFS partitions, as there is no local access control on any files on a FAT partition.