Threat Level: green Handler on Duty: Russ McRee

SANS ISC: InfoSec Handlers Diary Blog - PoC for local elevation of privilege on Windows 2000 SP4 upwards InfoSec Handlers Diary Blog


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

PoC for local elevation of privilege on Windows 2000 SP4 upwards

Published: 2006-12-22
Last Updated: 2006-12-22 22:18:58 UTC
by Mark Hofman (Version: 2)
0 comment(s)
The Microsoft Blog notes that they are tracking a Proof of Concept exploit.  It targets the Client Server Run-Time Subsystem.  The blog states that initial indications are that you need to be authenticated before you can take advantage of it.  It affects Windows 2000 SP4, Windows Server 2003 SP1, Windows XP SP1, Windows XP SP2 and Windows Vista.

If you have more info feel free to drop us a packet or two.
eEye has some information has some additional info on the exploit here.

At the moment this has been assigned CVE-2006-5996 and CVE-2006-6696  This will be consolidated at a later stage.

Mark
ISC Handler on Duty
Shearwater
Keywords:
0 comment(s)
Diary Archives