NT Trojan Profile Vulnerability...

- AV AC AU C I A
发布: 1999-04-28
修订: 2018-10-17

Lax permission in Windows NT's ProfileList registry key allows malicious users to install trojan profiles for other users, including administrator, which may lead to a system compromise. When a new user logs onto a Windows NT workstation or server a new subkey is written to the registry key "HKLM\Software\Microsoft\Windows NT\CurrentVersion\ProfileList". The name of this key is the user's Security Identifier (SID). One of the values of the new key is "ProfileImagePath" which points to the location of the user's profile directory. The default permission on the ProfileList registry key grants the Everybody group the SetValue permission. This means any user can edit the information in this key or any of its subkeys. This allows a malicious user to modify another user's ProfileImagePath making them load a trojan profile which contains entries in the Start Up folder that will execute the next time the user logos to the machine. Registry editing can be acomplished locally or across a...

0%
当前有1条漏洞利用/PoC
产品及版本信息(CPE)暂不可用