Vendor: Zero Administration Kit (ZAK)
By: Unknown
CVSS: 5.5 (MEDIUM)
Bypassing Application Restrictions
CWE: 200
Product Name: Zero Administration Kit (ZAK)
Affected Version From: Unknown
Affected Version To: Unknown
Patch Exists: NO
Platforms Tested: Windows
Unknown

Zero Administration Kit (ZAK) Workaround

By using a workaround in Word or Excel, a user can bypass the application restrictions set by Zero Administration Kit (ZAK). The user can open the File:Open window, right-click on the background, select 'Browse', and open Windows Explorer. From there, the user can create a special directory in the temp folder and copy the executables of forbidden applications into it. These applications can then be executed, circumventing ZAK's policies.

Mitigation:

To mitigate this vulnerability, administrators should review and update the ZAK policies to ensure that the desired restrictions are enforced. Additionally, regular security audits should be performed to identify and address any potential bypasses.
Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/181/info

Zero Administration Kit (ZAK) was designed to allow administrators to (among other things) lock down the NT environment and restrict the user's access to certain applications and system functions.

In an instance where the end-user is not allowed to execute Windows Explorer and other "forbidden applications" (e.g. Quake), the following workaround was noted:

Open Word or Excel.

Select File:Open. Right click on the background of the File:Open window. A prompt will appear that will allow the user to select "Browse". Browse will open Windows Explorer.

Assuming the user has write access to the temp directory, create a special directory in temp and copy the executables of the forbidden applications into this directory. These applications can now be executed and will circumvent the policies established by ZAK.