Microsoft Windows AEDEBUG Registry Key Vulnerability

The default permissions on some installations of Windows NT allow members of the 'Everyone' group to write to the registry value that controls which debugger is executed in the event of a system crash.

The registry value in question is:
\HKLM\Software\Microsoft\Windows NT\CurrentVersion\AeDebug\Debugger

Also, there is a value that controls whether any prompt is issued to the user before the selected debugger is executed:

\HKLM\Software\Microsoft\Windows NT\CurrentVersion\AeDebug\auto

Therefore, an attacker could specify code to run in the event of a process crash. Note that the code must already be on the target machine.
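The following audit check is an added example, not part of the original advisory: it reads the ACL on the AeDebug key named above, reports any allow entry that gives a broad group write access, and prints the current Debugger and Auto values. The set of groups checked beyond 'Everyone' is an assumption of this example.

```powershell
# Audit write access to the AeDebug key and show the values it currently holds.
$keyPath = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AeDebug'

# Broad principals, matched by well-known SID so the check is locale independent.
# Only 'Everyone' comes from the advisory; the others are assumptions of this example.
$broadSids = @{
    'S-1-1-0'      = 'Everyone'
    'S-1-5-11'     = 'Authenticated Users'
    'S-1-5-32-545' = 'BUILTIN\Users'
    'S-1-5-4'      = 'INTERACTIVE'
}

# Rights that allow changing values, subkeys, or the key's own security,
# plus GENERIC_WRITE (0x40000000) and GENERIC_ALL (0x10000000), which can
# appear unmapped in inheritable ACEs.
$rights    = [System.Security.AccessControl.RegistryRights]'SetValue, CreateSubKey, Delete, ChangePermissions, TakeOwnership'
$writeMask = [int]$rights -bor 0x40000000 -bor 0x10000000

$acl   = Get-Acl -Path $keyPath
$rules = $acl.GetAccessRules($true, $true, [System.Security.Principal.SecurityIdentifier])

$findings = foreach ($rule in $rules) {
    $sid = $rule.IdentityReference.Value
    if ($rule.AccessControlType -eq 'Allow' -and
        $broadSids.ContainsKey($sid) -and
        (([int]$rule.RegistryRights) -band $writeMask)) {
        [pscustomobject]@{
            Principal = $broadSids[$sid]
            Rights    = $rule.RegistryRights
            Inherited = $rule.IsInherited
        }
    }
}

# Current configuration: which program runs on a crash, and whether the user is prompted.
$values = Get-ItemProperty -Path $keyPath
"Debugger = $($values.Debugger)"
"Auto     = $($values.Auto)"

if ($findings) {
    Write-Warning "AeDebug is writable by broad groups:"
    $findings | Format-Table -AutoSize
} else {
    "No write access found for the checked groups on $keyPath"
}
```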


 

Copyright 2010, SecurityFocus