TITLE: IM Lock 2006 Insecure Registry Permissions SECUNIA ADVISORY ID: SA19140 VERIFY ADVISORY: http://secunia.com/advisories/19140/ CRITICAL: Less critical IMPACT: Exposure of sensitive information WHERE: Local system SOFTWARE: IM Lock Professional 2006 http://secunia.com/product/8591/ IM Lock Home 2006 http://secunia.com/product/8592/ DESCRIPTION: fRoGGz has discovered a vulnerability in IM Lock 2006, which can be exploited by malicious, local users to gain knowledge of potentially sensitive information. The vulnerability is caused due to IM Lock storing its password in the "SOFTWARE\Microsoft\SvcHst\msnvs\prc" registry key under HKEY_LOCAL_MACHINE with insecure permissions. This registry key is readable and can be decoded by non-privileged users on the system. The vulnerability has been confirmed in IM Lock Professional 2006 version 2.0.0.1 and also reported in the Home edition. Other versions may also be affected. SOLUTION: Grant only trusted users access to affected systems. PROVIDED AND/OR DISCOVERED BY: fRoGGz, SecuBox Labs. ORIGINAL ADVISORY: http://secubox.shadock.net/IM_Lock_2006_Insecure_Registry_Permission_Vulnerability.html ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------