https://www.exploit-db.com/exploits/23327
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200312-454

DATEVeG是一款税务相关系统，而Nutzungskontrolle(NUKO)用于对用户进行限制访问的软件，如一般用户不允许查看内部帐户数据。DATEVNutzungskontrolle对用户访问缺少正确的访问控制，远程攻击者可以利用这个漏洞未授权访问系统，获得敏感数据信息。本地用户可以通过修改部分Windows的注册表键值，就可以绕过软件的安全模型，访问受限制数据。

source: http://www.securityfocus.com/bid/8950/info

It has been reported that DATEV Nutzungskontrolle may be prone to a access validation issue that may allow a local attacker to gain access to sensitive data. The issue presents itself as a local user is able modify certain keys in the Windows registry resulting in bypassing the security model of the software. This issue would not present itself if the registry keys were set to read only.

Successful exploitation of this issue may allow an attacker to gain access to sensitive data that could be used to launch further attacks against the system.

Nutzungskontrolle V.2.1 and V.2.2 has been reported to be prone to this issue, however other versions may be affected as well.

It is possible to deactivate the NUKO with just importing 2 registry
keys:

[HKEY_LOCAL_MACHINESOFTWAREDATEV]
"NukoInfo"=hex:00,00,00,00,00,00,00,00,e4,6c,d9,ce,f1,69,97,e7,61,eb,08,48,e7,71,65,9b

[HKEY_LOCAL_MACHINESOFTWAREDATEVeGComponentsB0000046Versions1.0NukoInfos]
"NukoInfo"=hex:00,00,00,00,00,00,00,00,e4,6c,d9,ce,f1,69,97,e7,61,eb,08,48,e7,71,65,9b

来源:XF
名称:nutzungskontrolle-registry-security-bypass(13589)
链接:http://xforce.iss.net/xforce/xfdb/13589
来源:BID
名称:8950
链接:http://www.securityfocus.com/bid/8950
来源:FULLDISC
名称:20031101DATEVNutzungskontrolleBypassing(REG)
链接:http://lists.grok.org.uk/pipermail/full-disclosure/2003-November/013113.html
来源：NSFOCUS
名称：5620
链接：http://www.nsfocus.net/vulndb/5620