Exploit.Win32.DebPloit

Class Exploit
Platform Win32
Description

Technical Details

The DebPloit exlopit uses a vulnerability in the security system to assign permissions under WinNT systems (this includes Win2000) – it does not effect WinXP. It uses any process to exploit the permissions of any other process.

By controlling permissions allocation, Debploit has the ability to, for example, promote all users to the status of system/admin – that is if the targeted process is running under the LocalSystem, Administrator account.

As a result any process being run with User rights can let DebPloit into the Administration process, and restart itself with Administrator rights, for example.

This virus works on Microsoft Windows NT 4.0 and Windows 2000 with ServicePaks installed prior to Mar-12-2002 (It doesn’t work if ServicePacks were installed after Mar-12-2002).