Security Advisory

CVE-2006-6696

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2006-12-22 02:00:00

Last updated 2024-08-07 20:34:00

Assigner mitre

State PUBLISHED

Description

Double free vulnerability in Microsoft Windows 2000, XP, 2003, and Vista allows local users to gain privileges by calling the MessageBox function with a MB_SERVICE_NOTIFICATION message with crafted data, which sends a HardError message to Client/Server Runtime Server Subsystem (CSRSS) process, which is not properly handled when invoking the UserHardError and GetHardErrorText functions in WINSRV.DLL.

← Browse all CVEs View on cve.org ↗