|
Family: Windows : Microsoft Bulletins --> Category: infos
WM_TIMER Message Handler Privilege Elevation (Q328310) Vulnerability Scan
Vulnerability Scan Summary Checks Registry for WM_TIMER Privilege Elevation Hotfix (Q328310)
Detailed Explanation for this Vulnerability Test
Synopsis :
Local users can elevate their rights on the remote host.
Description :
The remote version of Windows contains a flaw in the handling of
WM_TIMER messages for interactive processes which may allow a
local user to execute arbitrary code on the remote host with the
SYSTEM rights.
Solution :
Microsoft has released a set of patches for Windows NT, XP and 2000 :
http://www.microsoft.com/technet/security/bulletin/ms02-071.mspx
Threat Level:
High / CVSS Base Score : 7
(AV:L/AC:L/Au:NR/C:C/A:C/I:C/B:N)
Click HERE for more information and discussions on this network vulnerability scan.
|