Microsoft Windows CSRSS MSGBox Remote Code Execution Vulnerability
Microsoft Windows CSRSS (client/server run-time subsystem) MsgBox is prone to a remote code-execution vulnerability.
An attacker can exploit this issue to execute arbitrary code with SYSTEM-level privileges.
Note that this issue can also be exploited locally by an authenticated user to gain elevated privileges.
Under default settings, Windows Vista is not prone to remote attacks that attempt to exploit this issue.
Update: This issue was originally disclosed as part of BID 21688, but has now been assigned its own record.