Microsoft Windows XP creates tasks with elevated privileges

Overview

Microsoft Windows XP contains a vulnerability in the way that tasks are created that may permit an authenticated user to launch applications with elevated privileges.

Description

Microsoft Windows creates tasks when a user launches an application. A vulnerability in the way that Windows XP creates the tasks may permit an authenticated user to launch applications with “SYSTEM” privileges.

---

Impact

An authenticated user can exploit this vulnerability to launch applications with “SYSTEM” privileges.

---

Solution

Apply a patch from the vendor

Microsoft Security Bulletin MS04-011 contains patch information to resolve this issue.

---

Vendor Information

206468

Filter by status: All Affected Not Affected Unknown

Filter by content: __ Additional information available

__ Sort by: Status Alphabetical

Expand all

Javascript is disabled. Click here to view vendors.

Microsoft Corporation __ Affected

Updated: April 14, 2004

Status

Affected

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

Microsoft Security Bulletin MS04-011 contains information regarding this issue.

If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23206468 Feedback>).

CVSS Metrics

Group	Score	Vector
Base	N/A	N/A
Temporal	N/A	N/A
Environmental		N/A

References

<http://www.microsoft.com/technet/security/bulletin/ms04-011.mspx&gt;

Acknowledgements

Thanks to Erik Kamphuis for reporting this vulnerability.

This document was written by Jason A Rafail.

Other Information

CVE IDs:	CVE-2003-0909
Severity Metric:	18.56 Date Public: