• News
• Infocus
• Foundations
• Microsoft
• Unix
• IDS
• Incidents
• Virus
• Pen-Test
• Firewalls
• Columnists
• Mailing Lists
• Newsletters
• Bugtraq
• Focus on IDS
• Focus on Linux
• Focus on Microsoft
• Forensics
• Pen-test
• Security Basics
• Vuln Dev
• Vulnerabilities
• Jobs
• Job Opportunities
• Resumes
• Job Seekers
• Employers
• Tools
• RSS
• News
• Vulns
• Security Research

• info
• discussion
• exploit
• solution
• references

Microsoft Window Management API Local Privilege Escalation Vulnerability

Microsoft has reported that several unspecified Window Management API functions can allow a local attacker to change the attributes of an application with higher-level privileges to gain elevated privileges on a vulnerable computer.

This issue represents a fundamental design flaw; certain messages used to communicate between windows on a desktop may adversely affect the operation of a receiving process. By altering various properties of window components running with higher privileges, the attacker can create circumstances that may allow buffer overflows and arbitrary code execution.

This issue likely affects some native Windows applications, but other third-party applications may also provide an opportunity for exploits.