Bugtraq mailing list archives
Re: Default Screen Saver Vulnerability in Microsoft Windows
From: Ansgar -59cobalt- Wiechers <bugtraq () planetcobalt net>
Date: Wed, 24 May 2006 20:52:18 +0200
On 2006-05-21 susam.pal () gmail com wrote:
-- Advisory Name -- Default Screen Saver Vulnerability in Microsoft Windows
[...]
[HKEY_USERS\.DEFAULT\Control Panel\Desktop] "ScreenSaverIsSecure"="0" "ScreenSaveTimeOut"="600" "ScreenSaveActive"="1" "SCRNSAVE.EXE"="logon.scr" It can be seen that the default time-out value is 600 seconds or 10 minutes. An attacker can replace the default screen saver (logon.scr) with the command prompt (cmd.exe) and reduce the time-out period in a system by using a trojan or some other means.
To be able to write to this registry key or to %SystemRoot%\system32 administrative or system privileges are required. Why do you believe this to be a vulnerability?
-- Prevention --
[...]
Deny everyone all permissions on the registry key, "My Computer\ HKEY_USERS\.DEFAULT\Control Panel\Desktop". This will prevent any malicious program, script or software from modifying the default screen saver settings.
No. Administrative and system privileges include the ability to take ownership and change the permissions back. You just can't protect a system from its admin. Regards Ansgar Wiechers -- "All vulnerabilities deserve a public fear period prior to patches becoming available." --Jason Coombs on Bugtraq
Current thread:
- Default Screen Saver Vulnerability in Microsoft Windows susam . pal (May 24)
- Re: Default Screen Saver Vulnerability in Microsoft Windows Eliah Kagan (May 24)
- Re: Default Screen Saver Vulnerability in Microsoft Windows Ansgar -59cobalt- Wiechers (May 24)
- Re: Default Screen Saver Vulnerability in Microsoft Windows Jason V. Miller (May 25)