Microsoft Windows Registry: Permission to Modify Common Paths

1995-01-01T00:00:00
ID OSVDB:334
Type osvdb
Reporter OSVDB
Modified 1995-01-01T00:00:00

Description

Vulnerability Description

It is possible to modify the registry paths to commonly used applications. The path to a Trojan program could be substituted, and the next time the application is executed the Trojan could be used to gain unauthorized access.

Solution Description

To prevent unauthorized access, update the following registry key permissions (Start -> Run -> RegEdt32.exe -> (Select Key) -> Security -> Permissions): Hive: HKEY_LOCAL_MACHINE Key: SoftwareMicrosoftWindowsCurrentVersionApp Paths Key: SoftwareMicrosoftWindowsCurrentVersionControls Folder Key: SoftwareMicrosoftWindowsCurrentVersionDeleteFiles Key: SoftwareMicrosoftWindowsCurrentVersionExplorer Key: SoftwareMicrosoftWindowsCurrentVersionExtensions Key: SoftwareMicrosoftWindowsCurrentVersionExtShellViews Key: SoftwareMicrosoftWindowsCurrentVersionInternet Settings Key: SoftwareMicrosoftWindowsCurrentVersionModuleUsage Key: SoftwareMicrosoftWindowsCurrentVersionRenameFiles Key: SoftwareMicrosoftWindowsCurrentVersionSetup Key: SoftwareMicrosoftWindowsCurrentVersionSharedDLLs Key: SoftwareMicrosoftWindowsCurrentVersionShell Extensions Key: SoftwareMicrosoftWindowsCurrentVersionUninstall Key: SoftwareMicrosoftWindows NTCurrentVersionCompatibility Key: SoftwareMicrosoftWindows NTCurrentVersionDrivers Key: SoftwareMicrosoftWindows NTCurrentVersiondrivers.desc Key: SoftwareMicrosoftWindows NTCurrentVersionDrivers32

Short Description

It is possible to modify the registry paths to commonly used applications. The path to a Trojan program could be substituted, and the next time the application is executed the Trojan could be used to gain unauthorized access.

References:

CVE-1999-0589