Microsoft Windows Win32 API Code Execution Vulnerability

Posted on Tuesday, June 12, 2007 @ 17:28:23 PDT in Security
by Raven



CRITICAL: Highly critical

IMPACT: Privilege escalation, System access

WHERE: From remote

Microsoft Windows 2000 Professional
Microsoft Windows XP Home Edition
Microsoft Windows XP Professional
Microsoft Windows Server 2003 Datacenter Edition
Microsoft Windows Server 2003 Enterprise Edition
Microsoft Windows Server 2003 Standard Edition
Microsoft Windows Server 2003 Web Edition
Microsoft Windows Storage Server 2003

DESCRIPTION: A vulnerability has been reported in Microsoft Windows, which can be exploited by malicious, local users to gain escalated privileges or by malicious people to compromise a user's system.

The vulnerability is caused by an input validation error in the Win32 API when handling parameters to a function call. This can be exploited to execute arbitrary code via a local application that uses the vulnerable component or, for example, when a user views a specially crafted web page using Internet Explorer.

SOLUTION: Apply patches.
Windows 2000 SP4:
Windows XP SP2:
Windows XP Professional x64 Edition (optionally with SP2):
Windows Server 2003 SP1/SP2:
Windows Server 2003 x64 Edition (optionally with SP2):
Windows Server 2003 with SP1/SP2 for Itanium-based systems:

PROVIDED AND/OR DISCOVERED BY: The vendor credits Billy Rios, VeriSign.
