Microsoft Windows AEDEBUG Registry Key Vulnerability

BID:1044

Info

Microsoft Windows AEDEBUG Registry Key Vulnerability

Bugtraq ID: 1044
Class: Unknown
CVE: CVE-1999-1084
Remote: Yes
Local: Yes
Published: Jun 22 1998 12:00AM
Updated: Jul 11 2009 01:56AM
Credit: Originally posted to NTbugtraq on June 22, 1998 by David LeBlanc <[email protected]>.
Vulnerable: Microsoft Windows NT 4.0 alpha
Microsoft Windows NT 4.0
+ Microsoft Windows NT Enterprise Server 4.0
+ Microsoft Windows NT Enterprise Server 4.0
+ Microsoft Windows NT Server 4.0
+ Microsoft Windows NT Server 4.0
+ Microsoft Windows NT Terminal Server 4.0
+ Microsoft Windows NT Terminal Server 4.0
+ Microsoft Windows NT Workstation 4.0
+ Microsoft Windows NT Workstation 4.0
Not Vulnerable:

Discussion

Microsoft Windows AEDEBUG Registry Key Vulnerability

The default permissions on some installations of Windows NT allow members of the 'Everyone' group to write to the contents of the value that control what debugger is executed in the event of a system crash.

The registry value in question is:
\HKLM\Software\Microsoft\Windows NT\CurrentVersion\AeDebug\Debugger

Also, there is a value that controls whether any prompt is issued to the user before the selected debugger is executed:

\HKLM\Software\Microsoft\Windows NT\CurrentVersion\AeDebug\auto

Therefore, an attacker could specify code to run in the event of a process crash. Note that the code must already be on the target machine.

Exploit / POC

Microsoft Windows AEDEBUG Registry Key Vulnerability

see discussion

Solution / Fix

Microsoft Windows AEDEBUG Registry Key Vulnerability

Solution:
Microsoft has released a hotfix for this issue, available at:
Intel: http://www.microsoft.com/downloads/release.asp?ReleaseID=19172
Alpha: http://www.microsoft.com/downloads/release.asp?ReleaseID=19173


Microsoft Windows NT 4.0

Microsoft Windows NT 4.0 alpha

References

Microsoft Windows AEDEBUG Registry Key Vulnerability

References:
© CVE.report 2026 |

Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.

CVE, CWE, and OVAL are registred trademarks of The MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. This site includes MITRE data granted under the following license.

Free CVE JSON API cve.report/api

CVE.report and Source URL Uptime Status status.cve.report