Microsoft Windows NT Dr. Watson 'user.dmp' Permissions Vulnerability

Due to a flaw in Microsoft Windows NT's implementation of Dr. Watson, the Everyone group has Full Control of the crash dump file (user.dmp). The file contains program error details, including information on the computer and the user logged in at the time the error took place. If a user successfully gains access to this file, it is possible to obtain sensitive information, such as users' mail passwords or other private data.

Properly exploited, this information could lead to further compromises of the vulnerable system.


Privacy Statement
Copyright 2010, SecurityFocus