Overview
A vulnerability in the Microsoft Windows window application programming interfaces (APIs) could allow a local attacker to gain elevated privileges on a vulnerable system.
Description
Microsoft Windows contains a vulnerability in the window management application programming interface (API) functions. These functions are used to change various properties of a program window including the size and name of the window. Typically, an application should only be able to change the properties of another application running with the same level of privileges. There is a vulnerability in several of the Window Management API functions that could allow one application to modify the properties of another application that is running with a higher level of privileges. |
Impact
A local, authenticated attacker could execute an application that modifies the properties of another application running at a higher level of privileges to gain complete control of the vulnerable system. |
Solution
Apply Patch Microsoft has provided a patch to address this vulnerability. For a list of affected versions and details on obtaining the patch, please refer to Microsoft Security Bulletin MS04-032. |
Vendor Information
CVSS Metrics
| Group | Score | Vector |
|---|---|---|
| Base | ||
| Temporal | ||
| Environmental |
References
Acknowledgements
This vulnerability was reported by Microsoft. Microsoft credits Brett Moore of Security-Assessment.com for discovering the vulnerability.
This document was written by Damon Morda and based on information provided by Microsoft.
Other Information
| CVE IDs: | CVE-2004-0207 |
| Severity Metric: | 10.69 |
| Date Public: | 2004-10-12 |
| Date First Published: | 2004-10-13 |
| Date Last Updated: | 2004-10-13 17:41 UTC |
| Document Revision: | 15 |