PoC for local elevation of privilege on Windows 2000 SP4 upwards

Published: 2006-12-22
Last Updated: 2006-12-22 22:18:58 UTC
by Mark Hofman (Version: 2)
0 comment(s)
The Microsoft Blog notes that they are tracking a Proof of Concept exploit.  It targets the Client Server Run-Time Subsystem.  The blog states that initial indications are that you need to be authenticated before you can take advantage of it.  It affects Windows 2000 SP4, Windows Server 2003 SP1, Windows XP SP1, Windows XP SP2 and Windows Vista.

If you have more info feel free to drop us a packet or two.
eEye has some information has some additional info on the exploit here.

At the moment this has been assigned CVE-2006-5996 and CVE-2006-6696  This will be consolidated at a later stage.

Mark
ISC Handler on Duty
Shearwater
Keywords:
0 comment(s)

Comments


Diary Archives