There is a bug in regedit.exe that allows an attacker to execute an arbitrary command with the victim's privileges when the victim opens a specified key in the registry. The workaround for now is to use regedt32.exe instead of regedit.exe.

This is a NEW exploit for a NEW vulnerability
in REGEDIT.EXE!

This one traps a KEY in the registry so that,
when an uninformed user just tries to BROWSE IT
with REGEDIT.EXE (locally or REMOTELY!), it executes
an arbitrary command defined by the attacker
without the user's knowledge!

The vulnerability appears to be in a RegEnumValueW
function misused in regedit.exe.

As a precaution, I counsel you to use regedt32.exe
for your future registry manipulation.

This exploit has been tested on Win2K (fr) SP0,2,3,
and works with a local and remote browse of a
trapped registry.
Exploit code can be found here.