Double free vulnerability in Microsoft Windows 2000, XP, 2003, and Vista allows local users to gain privileges by calling the MessageBox function with a MB_SERVICE_NOTIFICATION message with crafted data, which sends a HardError message to Client/Server Runtime Server Subsystem (CSRSS) process, which is not properly handled when invoking the UserHardError and GetHardErrorText functions in WINSRV.DLL.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
microsoft windows 2000 |
||
microsoft windows 2003 server datacenter_edition |
||
microsoft windows 2003 server standard |
||
microsoft windows 2003 server web |
||
microsoft windows xp |
||
microsoft windows 2003 server enterprise_edition |
||
microsoft windows 2003 server sp1 |
||
microsoft windows vista |