Microsoft Windows Client Server Run-Time Subsystem Privilege Escalation Vulnerability
A vulnerability has been identified in Microsoft Windows, which could be exploited by local attackers to obtain elevated privileges. This issue is due to a double-free error within the Windows Server Library (WINSRV.DLL) and the Client Server Run-Time Subsystem (CSRSS) when calling a MessageBox API with malformed parameters and a "MB_SERVICE_NOTIFICATION" flag set, which could allow malicious users to crash a vulnerable system or execute arbitrary commands with SYSTEM privileges.

Affected Products

Microsoft Windows Vista Home
Microsoft Windows Vista Business
Microsoft Windows Vista Enterprise
Microsoft Windows 2000 Service Pack 4
Microsoft Windows XP Service Pack 2
Microsoft Windows XP Service Pack 1
Microsoft Windows Server 2003 Service Pack 1
더보기

댓글,