A vulnerability in the Microsoft Windows window application programming interfaces (APIs) could allow a local attacker to gain elevated privileges on a vulnerable system.
Microsoft Windows contains a vulnerability in the window management application programming interface (API) functions. These functions are used to change various properties of a program window including the size and name of the window. Typically, an application should only be able to change the properties of another application running with the same level of privileges. There is a vulnerability in several of the Window Management API functions that could allow one application to modify the properties of another application that is running with a higher level of privileges.
A local, authenticated attacker could execute an application that modifies the properties of another application running at a higher level of privileges to gain complete control of the vulnerable system.
Microsoft has provided a patch to address this vulnerability. For a list of affected versions and details on obtaining the patch, please refer to Microsoft Security Bulletin MS04-032.
Vendor| Status| Date Notified| Date Updated
Microsoft Corporation| | -| 13 Oct 2004
If you are a vendor and your product is affected, let us know.
Group | Score | Vector
Base | N/A | N/A
Temporal | N/A | N/A
Environmental | N/A | N/A
This vulnerability was reported by Microsoft. Microsoft credits Brett Moore of Security-Assessment.com for discovering the vulnerability.
This document was written by Damon Morda and based on information provided by Microsoft.