I'm working on creating a program ("My Program") that will communicate with another program ("Their Program") via XML commands over a raw TCP/IP connection. Their program allows files to be written to the disk remotely with administrator privileges. This interface is enabled by default (MAJOR security flaw, I know), and I'm trying to give the other company a worst-case situation of what could happen if a hacker were made aware of this vulnerability and exploited it on a corporate-intranet-connected computer.
- How localized is the security threat?
- Can the attacker compromise network/server security using only this exploit (possibly to exploit other vulns.)? The user is a local admin but a standard network user.
- What other possible threats might be exploitable because of this "feature" that I perhaps have overlooked?
- What would be the best way to protect against this, while still keeping the functionality required? Is there a way to artificially sandbox the program, or check if the files written to disk are not in a sensitive place?
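One way to build the "is the file going somewhere sensitive" check asked about in the last bullet, as an added example that is not code from the asker, from "My Program" or from "Their Program": rather than a deny-list of sensitive locations (which `..`, symlinks, drive letters and UNC prefixes all defeat), the remote side is allowed a single drop folder, the requested path is canonicalised, and the write is refused unless the canonical result is still inside that folder. The XML shape (`<command type="writefile">` carrying `<path>` and base64 `<data>`), the element names, the sample requests and the drop folder are all assumptions made for this example.

```python
import base64
import ntpath
import os
import tempfile
import xml.etree.ElementTree as ET


class PathPolicyError(Exception):
    """Raised when a client-supplied path would land outside the allowed directory."""


def resolve_write_target(root, requested):
    """Map a client-supplied relative path onto a location under `root`, or raise.

    Rejects absolute, drive-letter and UNC paths and NUL bytes, canonicalises
    (following symlinks, collapsing '..') and checks the result is still inside root.
    """
    if not requested or "\0" in requested:
        raise PathPolicyError("empty path or NUL byte")
    # Treat backslashes as separators even on POSIX hosts so '..\\x' counts as traversal.
    normalised = requested.replace("\\", "/")
    if normalised.startswith("/") or ntpath.splitdrive(normalised)[0]:
        raise PathPolicyError("absolute, drive-letter or UNC path refused: %r" % requested)
    root_real = os.path.realpath(root)
    candidate = os.path.realpath(os.path.join(root_real, normalised))
    try:
        inside = os.path.commonpath([root_real, candidate]) == root_real
    except ValueError:  # different drives on Windows
        inside = False
    if not inside or candidate == root_real:
        raise PathPolicyError("path escapes the allowed directory: %r" % requested)
    return candidate


def handle_write_command(root, xml_bytes):
    """Parse one '<command type="writefile">' message (assumed shape) and write under root.

    xml.etree is not hardened against hostile XML (entity expansion etc.); a real
    implementation should parse untrusted input with defusedxml instead.
    """
    cmd = ET.fromstring(xml_bytes)
    if cmd.tag != "command" or cmd.get("type") != "writefile":
        raise ValueError("unsupported command")
    path_el, data_el = cmd.find("path"), cmd.find("data")
    if path_el is None or data_el is None:
        raise ValueError("missing <path> or <data>")
    target = resolve_write_target(root, path_el.text or "")
    payload = base64.b64decode("".join((data_el.text or "").split()), validate=True)
    os.makedirs(os.path.dirname(target), exist_ok=True)
    # O_NOFOLLOW narrows the race between the realpath() check and the open() in which
    # the final component could be swapped for a symlink; it does not exist on Windows.
    flags = os.O_WRONLY | os.O_CREAT | os.O_TRUNC | getattr(os, "O_NOFOLLOW", 0)
    with os.fdopen(os.open(target, flags, 0o600), "wb") as fh:
        fh.write(payload)
    return target


def build_write_command(path, payload):
    """Constructed client message in the assumed XML shape."""
    cmd = ET.Element("command", type="writefile")
    ET.SubElement(cmd, "path").text = path
    ET.SubElement(cmd, "data", encoding="base64").text = base64.b64encode(payload).decode("ascii")
    return ET.tostring(cmd)


def run_demo():
    """Run constructed requests against a temporary drop folder; returns {request: verdict}."""
    payload = b"hello from the remote side"
    requests = [
        "reports/q1.csv",                                   # legitimate: stays inside root
        "..\\..\\Windows\\System32\\drivers\\etc\\hosts",   # Windows-style traversal
        "../../etc/cron.d/backdoor",                        # POSIX-style traversal
        "C:\\Windows\\System32\\evil.dll",                  # drive-letter absolute path
        "\\\\fileserver\\share\\evil.exe",                  # UNC path
        "/etc/passwd",                                      # rooted path
    ]
    results = {}
    with tempfile.TemporaryDirectory() as root:
        try:
            # A symlink inside the drop folder that points to its parent: realpath() exposes it.
            os.symlink(os.path.dirname(root), os.path.join(root, "link"))
            requests.append("link/escaped.txt")
        except OSError:
            pass  # creating symlinks needs a privilege on Windows; skip that case there
        for req in requests:
            try:
                written = handle_write_command(root, build_write_command(req, payload))
                with open(written, "rb") as fh:
                    results[req] = "accepted" if fh.read() == payload else "corrupted"
            except PathPolicyError:
                results[req] = "rejected"
    return results


if __name__ == "__main__":
    for req, verdict in run_demo().items():
        print("%-50s %s" % (req, verdict))
```

Two caveats go with this check. First, it does not remove the privilege problem: the "artificial sandbox" is the operating system, so run the listener under a dedicated low-privilege account whose only write permission is the drop folder (and, on Windows, consider a job object or AppContainer on top), so that a bug in the path check cannot reach anything an administrator could. Second, Windows path handling has more corner cases than the string checks above cover (8.3 short names, trailing dots and spaces, `\\?\` prefixes, alternate data streams such as `file.txt:stream`), so on Windows also verify the path the OS actually opened, for example via GetFinalPathNameByHandle on the open handle, before writing.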