|
|
|
Vulnerability Note VU#218526Microsoft Windows contains vulnerability in Window Management APIOverviewA vulnerability in the Microsoft Windows window application programming interfaces (APIs) could allow a local attacker to gain elevated privileges on a vulnerable system.I. DescriptionMicrosoft Windows contains a vulnerability in the window management application programming interface (API) functions. These functions are used to change various properties of a program window including the size and name of the window. Typically, an application should only be able to change the properties of another application running with the same level of privileges. There is a vulnerability in several of the Window Management API functions that could allow one application to modify the properties of another application that is running with a higher level of privileges.II. ImpactA local, authenticated attacker could execute an application that modifies the properties of another application running at a higher level of privileges to gain complete control of the vulnerable system.III. SolutionApply PatchMicrosoft has provided a patch to address this vulnerability. For a list of affected versions and details on obtaining the patch, please refer to Microsoft Security Bulletin MS04-032.
References
This vulnerability was reported by Microsoft. Microsoft credits Brett Moore of Security-Assessment.com for discovering the vulnerability. This document was written by Damon Morda and based on information provided by Microsoft.
If you have feedback, comments, or additional information about this vulnerability, please send us
email. |
||||||||||||||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||||||||||||
Get Adobe Reader