Microsoft Windows AEDEBUG Registry Key Vulnerability
BID:1044
Info
Microsoft Windows AEDEBUG Registry Key Vulnerability
| Bugtraq ID: | 1044 |
| Class: | Unknown |
| CVE: |
CVE-1999-1084 |
| Remote: | Yes |
| Local: | Yes |
| Published: | Jun 22 1998 12:00AM |
| Updated: | Jul 11 2009 01:56AM |
| Credit: | Originally posted to NTbugtraq on June 22, 1998 by David LeBlanc <[email protected]>. |
| Vulnerable: |
Microsoft Windows NT 4.0 alpha Microsoft Windows NT 4.0 |
| Not Vulnerable: | |
Discussion
Microsoft Windows AEDEBUG Registry Key Vulnerability
The default permissions on some installations of Windows NT allow members of the 'Everyone' group to write to the contents of the value that control what debugger is executed in the event of a system crash.
The registry value in question is:
\HKLM\Software\Microsoft\Windows NT\CurrentVersion\AeDebug\Debugger
Also, there is a value that controls whether any prompt is issued to the user before the selected debugger is executed:
\HKLM\Software\Microsoft\Windows NT\CurrentVersion\AeDebug\auto
Therefore, an attacker could specify code to run in the event of a process crash. Note that the code must already be on the target machine.
The default permissions on some installations of Windows NT allow members of the 'Everyone' group to write to the contents of the value that control what debugger is executed in the event of a system crash.
The registry value in question is:
\HKLM\Software\Microsoft\Windows NT\CurrentVersion\AeDebug\Debugger
Also, there is a value that controls whether any prompt is issued to the user before the selected debugger is executed:
\HKLM\Software\Microsoft\Windows NT\CurrentVersion\AeDebug\auto
Therefore, an attacker could specify code to run in the event of a process crash. Note that the code must already be on the target machine.
Exploit / POC
Microsoft Windows AEDEBUG Registry Key Vulnerability
see discussion
see discussion
Solution / Fix
Microsoft Windows AEDEBUG Registry Key Vulnerability
Solution:
Microsoft has released a hotfix for this issue, available at:
Intel: http://www.microsoft.com/downloads/release.asp?ReleaseID=19172
Alpha: http://www.microsoft.com/downloads/release.asp?ReleaseID=19173
Microsoft Windows NT 4.0
Microsoft Windows NT 4.0 alpha
Solution:
Microsoft has released a hotfix for this issue, available at:
Intel: http://www.microsoft.com/downloads/release.asp?ReleaseID=19172
Alpha: http://www.microsoft.com/downloads/release.asp?ReleaseID=19173
Microsoft Windows NT 4.0
-
Microsoft Q250625
http://download.microsoft.com/download/winntsp/Patch/regacl/NT4/EN-US/ Q250625i.EXE
Microsoft Windows NT 4.0 alpha
References
Microsoft Windows AEDEBUG Registry Key Vulnerability
References:
References: