MS Windows 2000 Debug Registers Vulnerability

A vulnerability exists in the handling of debug registers in Windows 2000.

It is possible for unprivileged processes to create breakpoints for arbitrary processes. This can be used to 'kill' arbitrary processes without administrative privileges.

Since it is possible for an unprivileged process to terminate arbitrary processes, depending on the programs involved, this vulnerability could be used to leverage other attacks. Including a denial of service or elevating privileges by 'impersonating' a trusted named pipe.


Privacy Statement
Copyright 2010, SecurityFocus