Microsoft Windows Management APIs Local Privilege Escalation

2004-10-12T16:03:58
ID OSVDB:10690
Type osvdb
Reporter Brett Moore(brett.moore@security-assessment.com)
Modified 2004-10-12T16:03:58

Description

Vulnerability Description

Windows contains a flaw that may allow a malicious user to gain access to unauthorized privileges. The issue is triggered when an attacker uses a flaw in Windows Management APIs which allows programs to modify other programs which run at a higher permission level. This flaw may lead to a loss of integrity.

Solution Description

Currently, there are no known workarounds or upgrades to correct this issue. However, Microsoft has released a patch to address this vulnerability.

Short Description

Windows contains a flaw that may allow a malicious user to gain access to unauthorized privileges. The issue is triggered when an attacker uses a flaw in Windows Management APIs which allows programs to modify other programs which run at a higher permission level. This flaw may lead to a loss of integrity.

References:

Security Tracker: 1011645 Secunia Advisory ID:12804 Related OSVDB ID: 10693 Related OSVDB ID: 10691 Related OSVDB ID: 10692 Microsoft Security Bulletin: MS04-032 Microsoft Knowledge Base Article: 840987 Mail List Post: http://archives.neohapsis.com/archives/fulldisclosure/2004-10/0477.html ISS X-Force ID: 16579 CVE-2004-0207