Microsoft Windows Graphics Rendering Engine GDI Local Privilege Escalation Vulnerability

2007-04-03T00:00:00
ID SMNTC-23273
Type symantec
Reporter Symantec Security Response
Modified 2007-04-03T00:00:00

Description

Description

Microsoft Windows Graphics Rendering Engine is prone to local privilege-escalation vulnerability. Successful exploits may result in a complete compromise of affected computers.

Technologies Affected

  • Avaya Customer Interaction Express (CIE) Server 1.0
  • Avaya Customer Interaction Express (CIE) User Interface 1.0
  • Avaya Messaging Application Server
  • Avaya Messaging Application Server MM 2.0
  • Avaya Messaging Application Server MM 3.0
  • Avaya Messaging Application Server MM 3.1
  • HP Storage Management Appliance 2.1
  • Microsoft Windows 2000 Professional SP4
  • Microsoft Windows 2000 Server SP4
  • Microsoft Windows Server 2003 Datacenter Edition
  • Microsoft Windows Server 2003 Datacenter Edition Itanium
  • Microsoft Windows Server 2003 Datacenter Edition Itanium SP1
  • Microsoft Windows Server 2003 Datacenter Edition SP1
  • Microsoft Windows Server 2003 Datacenter x64 Edition
  • Microsoft Windows Server 2003 Datacenter x64 Edition SP2
  • Microsoft Windows Server 2003 Enterprise Edition
  • Microsoft Windows Server 2003 Enterprise Edition Itanium
  • Microsoft Windows Server 2003 Enterprise Edition Itanium SP1
  • Microsoft Windows Server 2003 Enterprise Edition SP1
  • Microsoft Windows Server 2003 Enterprise x64 Edition
  • Microsoft Windows Server 2003 Enterprise x64 Edition SP2
  • Microsoft Windows Server 2003 Itanium
  • Microsoft Windows Server 2003 Itanium SP1
  • Microsoft Windows Server 2003 Standard Edition
  • Microsoft Windows Server 2003 Standard Edition SP1
  • Microsoft Windows Server 2003 Standard Edition SP2
  • Microsoft Windows Server 2003 Standard x64 Edition
  • Microsoft Windows Server 2003 Web Edition SP2
  • Microsoft Windows Vista
  • Microsoft Windows Vista Beta 1
  • Microsoft Windows Vista Business
  • Microsoft Windows Vista December CTP
  • Microsoft Windows Vista Enterprise
  • Microsoft Windows Vista Home Basic
  • Microsoft Windows Vista Home Premium
  • Microsoft Windows Vista Ultimate
  • Microsoft Windows Vista beta 2
  • Microsoft Windows Vista beta
  • Microsoft Windows Vista x64 Edition
  • Microsoft Windows XP Home SP2
  • Microsoft Windows XP Professional SP2
  • Microsoft Windows XP Professional x64 Edition
  • Microsoft Windows XP Professional x64 Edition SP2
  • Microsoft Windows XP Tablet PC Edition SP2
  • Nortel Networks Centrex IP Element Manager 7.0.0
  • Nortel Networks Centrex IP Element Manager 8.0.0
  • Nortel Networks Centrex IP Element Manager 9.0.0

Recommendations

Permit local access for trusted individuals only. Where possible, use restricted environments and restricted shells.
Do not allow untrusted individuals to have local access to computers. This may limit exposure to local attack vectors.

Microsoft has released a security advisory and fixes to address this issue. Please see the references for more information.