McAfee: Windows Vista Vulnerable to StickyKeys Backdoor

StickyKeys is an accessibility feature to aid handicapped users. It allows the user to press a modifier key, such as the Shift key, and have it remain active until another key is pressed. StickyKeys is activated by pressing the shift key or a modifier key five times in sequence and a beep is sounded. Sounds innocuous, right? Dead wrong!

Apparently, Windows Vista does not check the integrity of the file that launches StickyKeys “c:/windows/system32/sethc.exe” before executing it. Which means you could replace it with another executable and run it by depressing the shift key five times. A popular replacement is “cmd.exe.” After replacement, one could invoke this command prompt at the login prompt without the need to authenticate....Computer Security Research - McAfee Avert Labs Blog

Linked by shanmuga Tuesday, 13th March 2007 1:19AM