On 2006-05-21 susam.pal@xxxxxxxxx wrote:
> -- Advisory Name --
> Default Screen Saver Vulnerability in Microsoft Windows
[...]
> [HKEY_USERS\.DEFAULT\Control Panel\Desktop]
> "ScreenSaverIsSecure"="0"
> "ScreenSaveTimeOut"="600"
> "ScreenSaveActive"="1"
> "SCRNSAVE.EXE"="logon.scr"
>
> It can be seen that the default time-out value is 600 seconds or 10
> minutes.
>
> An attacker can replace the default screen saver (logon.scr) with the
> command prompt (cmd.exe) and reduce the time-out period in a system by
> using a trojan or some other means.

To be able to write to this registry key or to %SystemRoot%\system32,
administrative or system privileges are required. Why do you believe
this to be a vulnerability?

> -- Prevention --
[...]
> Deny everyone all permissions on the registry key, "My Computer\
> HKEY_USERS\.DEFAULT\Control Panel\Desktop". This will prevent any
> malicious program, script or software from modifying the default
> screen saver settings.

No. Administrative and system privileges include the ability to take
ownership and change the permissions back. You just can't protect a
system from its admin.

Regards
Ansgar Wiechers
--
"All vulnerabilities deserve a public fear period prior to patches
becoming available."
--Jason Coombs on Bugtraq
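
Since permissions on the key cannot bind an administrator, what remains for a defender is noticing that the values changed. The following is an added example, not code from either poster: it parses the text of a `.reg` export and reports deviations from the four values quoted in the advisory. The function names, the constructed sample export and the choice of those values as the baseline are assumptions.

```python
import re

# Baseline: the default values quoted in the advisory (assumed to be the desired state).
KEY = r"HKEY_USERS\.DEFAULT\Control Panel\Desktop".lower()
BASELINE = {"ScreenSaverIsSecure": "0", "ScreenSaveTimeOut": "600",
            "ScreenSaveActive": "1", "SCRNSAVE.EXE": "logon.scr"}
VALUE_RE = re.compile(r'^"((?:[^"\\]|\\.)*)"="((?:[^"\\]|\\.)*)"$')

# Constructed sample: a .reg export showing the change the advisory describes.
SAMPLE_TAMPERED = r'''Windows Registry Editor Version 5.00

[HKEY_USERS\.DEFAULT\Control Panel\Desktop]
"ScreenSaverIsSecure"="0"
"ScreenSaveTimeOut"="30"
"ScreenSaveActive"="1"
"SCRNSAVE.EXE"="C:\\WINDOWS\\system32\\cmd.exe"
'''

def unescape(s):
    # .reg string data escapes backslash and double quote with a backslash.
    return re.sub(r"\\(.)", r"\1", s)

def parse_reg(text):
    """Return {lowercased key path: {lowercased value name: string data}}."""
    keys, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            current = keys.setdefault(line[1:-1].lower(), {})
        elif current is not None:
            m = VALUE_RE.match(line)
            if m:  # only string (REG_SZ) values are of interest here
                current[unescape(m.group(1)).lower()] = unescape(m.group(2))
    return keys

def audit(text):
    """List deviations of the logon screen saver settings from BASELINE."""
    values = parse_reg(text).get(KEY, {})
    findings = []
    for name, expected in BASELINE.items():
        actual = values.get(name.lower())
        if actual is None:
            findings.append(f"{name}: missing (expected {expected!r})")
        elif name == "SCRNSAVE.EXE":
            a = actual.lower()  # accept the bare name or the system32 copy
            if a != expected and not a.endswith("\\system32\\" + expected):
                findings.append(f"{name}: {actual!r} is not {expected}")
        elif actual != expected:
            findings.append(f"{name}: {actual!r} differs from {expected!r}")
    return findings
```

Exports written by regedit are UTF-16 encoded, so decode the file before passing its text to `audit`.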