Security-Alerts mailing list archive (security-alerts@yandex-team.ru)
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[security-alerts] >>: [SA23308] Microsoft Windows File Manifest Privilege Escalation Vulnerability
TITLE:
Microsoft Windows File Manifest Privilege Escalation Vulnerability
SECUNIA ADVISORY ID:
SA23308
VERIFY ADVISORY:
http://secunia.com/advisories/23308/
CRITICAL:
Less critical
IMPACT:
Privilege escalation
WHERE:
Local system
OPERATING SYSTEM:
Microsoft Windows Server 2003 Datacenter Edition
http://secunia.com/product/1175/
Microsoft Windows Server 2003 Enterprise Edition
http://secunia.com/product/1174/
Microsoft Windows Server 2003 Standard Edition
http://secunia.com/product/1173/
Microsoft Windows Server 2003 Web Edition
http://secunia.com/product/1176/
Microsoft Windows XP Home Edition
http://secunia.com/product/16/
Microsoft Windows XP Professional
http://secunia.com/product/22/
DESCRIPTION:
A vulnerability has been reported in Microsoft Windows, which can be
exploited by malicious, local users to gain escalated privileges.
The vulnerability is caused due to an error in the Client-Server
Run-time Subsystem when processing file manifests and can be
exploited by starting up an applications with specially crafted file
manifest.
Successful exploitation allows execution of arbitrary code with
escalated privileges.
SOLUTION:
Apply patches.
Microsoft Windows XP SP2:
http://www.microsoft.com/downloads/details.aspx?FamilyId=966704b5-1a7e-4110-9694-844706a52db7
Microsoft Windows Server 2003:
http://www.microsoft.com/downloads/details.aspx?FamilyId=5ea314a2-d76a-46f9-853b-15ff03f8ad95
Microsoft Windows Server 2003 for Itanium-based systems:
http://www.microsoft.com/downloads/details.aspx?FamilyId=7bceaa11-f655-4e3c-a588-5c49097e970b
PROVIDED AND/OR DISCOVERED BY:
Reported by the vendor.
ORIGINAL ADVISORY:
MS06-075 (KB926255):
http://www.microsoft.com/technet/security/Bulletin/MS06-075.mspx
|