windows regedit exploit

  • budz
    Disruptive Innovator
    • Sep 2003
    • 4230

    #1

    windows regedit exploit

    TITLE:
    Windows Registry Editor Utility String Concealment Weakness

    SECUNIA ADVISORY ID:
    SA16560

    VERIFY ADVISORY:
    http://secunia.com/advisories/16560/

    CRITICAL:
    Not critical

    IMPACT:
    Spoofing

    WHERE:
    Local system

    OPERATING SYSTEM:
    Microsoft Windows 2000 Advanced Server
    http://secunia.com/product/21/
    Microsoft Windows 2000 Datacenter Server
    http://secunia.com/product/1177/
    Microsoft Windows 2000 Professional
    http://secunia.com/product/1/
    Microsoft Windows 2000 Server
    http://secunia.com/product/20/
    Microsoft Windows XP Home Edition
    http://secunia.com/product/16/
    Microsoft Windows XP Professional
    http://secunia.com/product/22/

    DESCRIPTION:
    Igor Franchuk has discovered a weakness in Microsoft Windows, which
    can be exploited to hide certain information.

    The weakness is caused due to an error in the Registry Editor Utility
    (regedt32.exe) when handling long string names. This can be exploited
    to hide strings in a registry key by creating a string with a long
    name, which causes this string and any subsequently created strings
    in the key to be hidden.

    Successful exploitation e.g. makes it possible for malware to hide
    strings in the "Run" registry key. However, these hidden strings
    created after the string with the overly long name will still be
    executed when the user logs in.


    The weakness has been confirmed in a fully updated Windows XP SP2
    system, and has also been reported in Windows 2000. Other versions
    may also be affected.

    SOLUTION:
    Ensure that systems have up-to-date anti-virus and spyware detection
    software installed.

    PROVIDED AND/OR DISCOVERED BY:
    Igor Franchuk
    just thought I'd let everyone know..
    C:\Code\
    C:\Code\Run\
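
An added example, not part of the original post or the Secunia advisory: because the weakness lies in what the Registry Editor displays, this PowerShell lists the "Run" keys through the .NET registry API instead and flags long value names along with every other value in the same key. The 200-character threshold, the helper name `Get-RunKeyAudit` and the choice of these two Run key paths are assumptions; the advisory gives no length.

```powershell
# Assumption: the advisory only says "long" names and gives no length,
# so this threshold is a tunable guess, not a documented limit.
$MaxNameLength = 200

# Per-machine and per-user "Run" keys (assumed scope for this check).
$RunKeys = @(
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run'
)

# Hypothetical helper: reads every value under the given keys via the .NET
# registry API, so the result does not depend on the Registry Editor's view.
function Get-RunKeyAudit {
    param(
        [string[]]$Path,
        [int]$MaxNameLength
    )
    foreach ($p in $Path) {
        if (-not (Test-Path -LiteralPath $p)) { continue }
        $key   = Get-Item -LiteralPath $p
        $names = $key.GetValueNames()
        # True when at least one value name in this key exceeds the threshold.
        $keyHasLongName = [bool]($names | Where-Object { $_.Length -gt $MaxNameLength })
        foreach ($name in $names) {
            $isLong = $name.Length -gt $MaxNameLength
            # Truncate long names for display; the full length is reported separately.
            $shown  = if ($isLong) { $name.Substring(0, 40) + '...' } else { $name }
            $flag   = if ($isLong) { 'LONG_NAME' }
                      elseif ($keyHasLongName) { 'KEY_HAS_LONG_NAME' }
                      else { '' }
            [pscustomobject]@{
                Key        = $p
                Flag       = $flag
                NameLength = $name.Length
                Name       = $shown
                # Raw data, without expanding %VARIABLES%, as stored in the registry.
                Data       = $key.GetValue($name, $null,
                    [Microsoft.Win32.RegistryValueOptions]::DoNotExpandEnvironmentNames)
            }
        }
    }
}

Get-RunKeyAudit -Path $RunKeys -MaxNameLength $MaxNameLength |
    Format-Table -AutoSize -Wrap
```

Rows flagged `KEY_HAS_LONG_NAME` are the ones to compare against what the Registry Editor shows for the same key.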