In association with heise online

07 November 2007, 10:20

Microsoft debugging tool allows elevated access privileges

  • Twitter
  • Facebook
  • submit to slashdot
  • StumbleUpon
  • submit to reddit

Security services provider iDefense has discovered a vulnerability in Microsoft's DebugView analysis tool that can be exploited by users who are logged onto a system with restricted privileges to obtain system privileges. The tool is used to monitor system debug messages and was originally developed by Sysinternals, which was absorbed by Microsoft last year along with its complete tool collection.

DebugView uses functions in the dbgv.sys kernel module which can be used to copy user data to arbitrary memory locations. According to the security advisory, this ability can be exploited by attackers to write code to kernel memory and execute this code. Unfortunately the driver can be addressed by any user once it has been loaded by an administrator via DebugView. Rebooting is required to resolve the problem.

The bug was discovered in dbgv.sys version, included in DebugView 4.64. Microsoft has released DebugView 4.72 which fixes this bug.

See also:


Print Version | Send by email | Permalink:

  • July's Community Calendar

The H Open

The H Security

The H Developer

The H Internet Toolkit