[原文]The default configuration of the Dr. Watson program in Windows NT and Windows 2000 generates user.dmp crash dump files with world-readable permissions, which could allow a local user to gain access to sensitive information.
Dr. Watson contains a flaw that may lead to an unauthorized information disclosure. The issue is triggered when a malicious user with access rights to a shared computer accesses the user.dmp file created by Dr. Watson to obtain username and password information about other system users, resulting in a loss of confidentiality.
Currently, there are no known upgrades or patches to correct this issue. It is possible to correct the flaw by implementing the following workaround:
Run drwtsn32.exe to set crash dump options. There are two ways to get
around this problem (per-user):
1) Uncheck the "create crash dump file" checkbox.
2) Change the crash dump location to a directory that only you have access
For a system-wide fix, delete the registry key
NT\CurrentVersion\AeDebug\Debugger. This will cause Dr. Watson to be
replaced with a simple "Application Error" box.
If you have installed MSVC it will automatically make itself the system debugger, and it does not create crash dump files so you are not vulnerable.