The method allows an attacker to gain unauthorized access to a user’s Windows session if he has physical access to a locked machine.
When a user leaves his computer (e.g. during a lunch break), he should lock his session to prevent other people from performing actions on his behalf.
Some computers, mostly in corporate environments, are configured to play a Flash animation as a screensaver while the computer is locked. This is configured by specifying the path to a .scr file, which is actually a renamed executable obtained by compiling an SWF. The following registry key specifies the path to this executable: