| VID | 28010 |
| Severity | 40 |
| Port | 139 |
| Protocol | TCP |
| Class | SMB |
| Detailed Description |
The permissions on the 'Uninstall' registry key were found to allow write access by 'Everyone'. This access allows all users and guests to add an entry to the 'Uninstall' registry key, which can cause a malicious program to be executed when a user attempts to remove an application from the system.
* Note: This check requires an account with Guest or higher privileges that can access the registry of the remote host being scanned. If these conditions are not met, the check is not performed, resulting in a false negative for all vulnerable hosts.
* References: http://www.iss.net/security_center/static/1285.php
* Platforms Affected: Microsoft Windows (any version) |
| Recommendation |
Change the permissions on the relevant registry key to prevent 'Everyone' from having write access to HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall.
To set registry permissions:
1. Open Registry Editor. From the Windows Start Menu, select 'Run', type 'regedt32', and click 'OK'.
2. Go to HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall.
3. From the Security menu, select Permissions to display the Registry Key Permissions dialog box.
4. Allow only read access to the 'Everyone' group. |
| Related URL | (CVE) |
| Related URL | (SecurityFocus) |
| Related URL | (ISS) |
|
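To confirm the finding, or to verify the fix after applying the recommendation, the key's ACL can be read locally with PowerShell. The script below is an added example, not part of the original check or the scanner's own code; the helper name `Get-EveryoneWriteAce` is hypothetical, and it assumes it runs on the Windows host itself under an account that can read the key's permissions.

```powershell
# Added example: report ACEs on the Uninstall key that give 'Everyone' write-type access.
$KeyPath = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall'
$EveryoneSid = 'S-1-1-0'   # well-known SID for Everyone; avoids localized group names

$R = [System.Security.AccessControl.RegistryRights]
# Rights that allow adding or changing entries, or rewriting the key's own ACL.
$WriteMask = [int]($R::SetValue -bor $R::CreateSubKey -bor $R::Delete -bor
                   $R::ChangePermissions -bor $R::TakeOwnership)
# ACEs can carry unmapped generic rights; GENERIC_WRITE and GENERIC_ALL imply write.
$GenericMask = 0x40000000 -bor 0x10000000

function Get-EveryoneWriteAce {   # hypothetical helper name
    param([Parameter(Mandatory)][string]$Path)

    $acl = Get-Acl -Path $Path -ErrorAction Stop
    # Request SIDs directly so no name-to-SID translation is needed.
    $rules = $acl.GetAccessRules($true, $true, [System.Security.Principal.SecurityIdentifier])

    foreach ($ace in $rules) {
        # Only Allow ACEs are reported; Deny ACEs are not evaluated here.
        if ($ace.AccessControlType -ne 'Allow') { continue }
        if ($ace.IdentityReference.Value -ne $EveryoneSid) { continue }

        $rights = [int]$ace.RegistryRights
        $writeBits = $rights -band ($WriteMask -bor $GenericMask)
        if ($writeBits -eq 0) { continue }   # read-only ACE: matches the recommendation

        [pscustomobject]@{
            Key         = $Path
            Rights      = $ace.RegistryRights
            WriteBits   = '0x{0:X8}' -f $writeBits
            IsInherited = $ace.IsInherited
            Inheritance = $ace.InheritanceFlags
        }
    }
}

$findings = @(Get-EveryoneWriteAce -Path $KeyPath)
if ($findings.Count -gt 0) {
    Write-Warning "'Everyone' has write-type access to $KeyPath"
    $findings | Format-List
} else {
    Write-Output "No write-type ACE for 'Everyone' on $KeyPath"
}
```

An ACE reported with `IsInherited` set to true is granted on a parent key, so the permission has to be corrected there or inheritance adjusted on this key.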