Microsoft Windows SMB Registry : Key Permissions Path Subversion Local Privilege Escalation

This script is Copyright (C) 2000-2015 Tenable Network Security, Inc.


Synopsis :

Local users can gain SYSTEM privileges.

Description :

Some SYSTEM registry keys can be written by non administrator.

These keys contain paths to common programs and DLLs. If a user can
change a path, then he may put a trojan program into another location
(say C:/temp) and point to it.

Solution :

Use regedt32 and set the permissions of this key to :

- admin group : Full Control
- system : Full Control
- everyone : Read

Risk factor :

High / CVSS Base Score : 7.2
(CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C)

Family: Windows

Nessus Plugin ID: 10432 ()

Bugtraq ID:

CVE ID: CVE-1999-0589

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now