• News
• Infocus
• Foundations
• Microsoft
• Unix
• IDS
• Incidents
• Virus
• Pen-Test
• Firewalls
• Columnists
• Mailing Lists
• Newsletters
• Bugtraq
• Focus on IDS
• Focus on Linux
• Focus on Microsoft
• Forensics
• Pen-test
• Security Basics
• Vuln Dev
• Vulnerabilities
• Jobs
• Job Opportunities
• Resumes
• Job Seekers
• Employers
• Tools
• RSS
• News
• Vulns
• Security Research

• info
• discussion
• exploit
• solution
• references

Microsoft ListBox/ComboBox Control User32.dll Function Buffer Overrun Vulnerability

Microsoft has reported the existence of a local buffer overrun vulnerability in an undisclosed User32.dll library function. This function is used by applications implementing the use of ListBox or ComboBox controls and will be triggered when the program encounters specific types of Windows messages.

This issue poses a security risk when a privileged application is running in the environment of an unprivileged user. Due to the ability for a program to transmit a windows message to another process, an attacker may be capable of exploiting this buffer overrun to gain privileged access to a system.