Microsoft Windows Kernel Application Launch Local Privilege Escalation

2004-12-14T16:21:48
ID OSVDB:12372
Type osvdb
Reporter Cesar Cerrudo()
Modified 2004-12-14T16:21:48

Description

Vulnerability Description

Microsoft WIndows contains a flaw that may allow a malicious user to gain access to unauthorized privileges. The issue is triggered by an unchecked buffer in the handling of data sent through a Local Procedure Call (LPC) port, allowing an attacker to trigger an overflow leading to arbitrary code execution with escalated priveleges. This flaw may lead to a loss of integrity.

Solution Description

Currently, there are no known workarounds or upgrades to correct this issue. However, Microsoft has released a patch to address this vulnerability.

Short Description

Microsoft WIndows contains a flaw that may allow a malicious user to gain access to unauthorized privileges. The issue is triggered by an unchecked buffer in the handling of data sent through a Local Procedure Call (LPC) port, allowing an attacker to trigger an overflow leading to arbitrary code execution with escalated priveleges. This flaw may lead to a loss of integrity.

References:

Secunia Advisory ID:13465 Related OSVDB ID: 12376 Microsoft Security Bulletin: MS04-044 Microsoft Knowledge Base Article: 885835 CVE-2004-0893