Welcome to the GoFuckYourself.com - Adult Webmaster Forum forums.

You are currently viewing our boards as a guest which gives you limited access to view most discussions and access our other features. By joining our free community you will have access to post topics, communicate privately with other members (PM), respond to polls, upload content and access many other special features. Registration is fast, simple and absolutely free so please, join our community today!

If you have any problems with the registration process or your account login, please contact us.

Post New Thread Reply

Register GFY Rules Calendar Mark Forums Read
Go Back   GoFuckYourself.com - Adult Webmaster Forum > >
windows regedit exploit windows regedit exploit
Discuss what's fucking going on, and which programs are best and worst. One-time "program" announcements from "established" webmasters are allowed.

 
Thread Tools
Old 08-24-2005, 09:32 PM   #1
budz
Disruptive Innovator
 
budz's Avatar
 
Industry Role:
Join Date: Sep 2003
Location: Vegas
Posts: 4,230
windows regedit exploit
Quote:
TITLE:
Windows Registry Editor Utility String Concealment Weakness

SECUNIA ADVISORY ID:
SA16560

VERIFY ADVISORY:
http://secunia.com/advisories/16560/

CRITICAL:
Not critical

IMPACT:
Spoofing

WHERE:
Local system

OPERATING SYSTEM:
Microsoft Windows 2000 Advanced Server
http://secunia.com/product/21/
Microsoft Windows 2000 Datacenter Server
http://secunia.com/product/1177/
Microsoft Windows 2000 Professional
http://secunia.com/product/1/
Microsoft Windows 2000 Server
http://secunia.com/product/20/
Microsoft Windows XP Home Edition
http://secunia.com/product/16/
Microsoft Windows XP Professional
http://secunia.com/product/22/

DESCRIPTION:
Igor Franchuk has discovered a weakness in Microsoft Windows, which
can be exploited to hide certain information.

The weakness is caused due to an error in the Registry Editor Utility
(regedt32.exe) when handling long string names. This can be exploited
to hide strings in a registry key by creating a string with a long
name, which causes this string and any subsequently created strings
in the key to be hidden.

Successful exploitation e.g. makes it possible for malware to hide
strings in the "Run" registry key. However, these hidden strings
created after the string with the overly long name will still be
executed when the user logs in.

The weakness has been confirmed in a fully updated Windows XP SP2
system, and has also been reported in Windows 2000. Other versions
may also be affected.

SOLUTION:
Ensure that systems have up-to-date anti-virus and spyware detection
software installed.

PROVIDED AND/OR DISCOVERED BY:
Igor Franchuk
just thought I'd let everyone know..
__________________
C:\Code\
C:\Code\Run\
budz is offline   Share thread on Digg Share thread on Twitter Share thread on Reddit Share thread on Facebook Reply With Quote
Post New Thread Reply
Go Back   GoFuckYourself.com - Adult Webmaster Forum > >
windows regedit exploit windows regedit exploit
« Previous Thread | Next Thread »

Bookmarks
Thread Tools



Advertising inquiries - marketing at gfy dot com

Contact Admin - Advertise - GFY Rules - Top

©2000-, AI Media Network Inc



Powered by vBulletin
Copyright © 2000- Jelsoft Enterprises Limited.