[Full-disclosure] Local persistent DoS in Windows XP SP2 Taskmanager
3APA3A at SECURITY.NNOV.RU
Sat Mar 15 16:22:27 GMT 2008
I see no security impact here.
RegOpenKeyEx(HKEY_LOCAL_MACHINE, "SOFTWARE\\Microsoft\\PCHealth\\ErrorReporting", 0, KEY_SET_VALUE, &hKey);
requires administrative privileges. If user has ones, you can achieve
better results by deleting task manager of trojaning it.
You can also use
File Execution Options\taskmgr.exe\Debug
key to launch notepad.exe instead of taskmgr.exe.
--Friday, March 14, 2008, 10:49:31 PM, you wrote to full-disclosure at lists.grok.org.uk:
S> Dear list,
S> after weeks of total ignorance by Microsoft I decided to finally
S> release all information
S> related to a bug, that has to do with the Windows XP SP2 Taskmanager.
S> a Registry key makes it possible to disable the Taskmgr. On the next
S> startup it will crash with
S> an error message. It is possible to backup the key and repair the
S> Registry doing so, but
S> the attack scenario is clear: A virus uses this code, the user can't
S> open the Taskmgr anymore
S> and your process is somehow "hidden".
S> The full information about this bug, can be found here:
S> And the exploit is available here:
ЭНИАКам - по морде! (Лем)
Full-Disclosure is hosted and sponsored by Secunia.