Test ID:	1.3.6.1.4.1.25623.1.0.800862
Category:	Privilege escalation
Title:	Microsoft Windows Kernel win32k.sys Privilege Escalation Vulnerability
Summary:	Windows XP/2003 is prone to a privilege escalation vulnerability.
Description:	Summary: Windows XP/2003 is prone to a privilege escalation vulnerability. Vulnerability Insight: The flaw is due to error in NtUserConsoleControl function in win32k.sys caused via a crafted call that triggers an overwrite of an arbitrary memory location. Vulnerability Impact: Successful exploitation could allow local administrators to bypass unspecified 'security software' and gain privileges. Affected Software/OS: - Microsoft Windows XP SP2/SP3 and prior - Microsoft Windows Server 2003 before SP1 Solution: No known solution was made available for at least one year since the disclosure of this vulnerability. Likely none will be provided anymore. General solution options are to upgrade to a newer release, disable respective features, remove the product or replace the product by another one. CVSS Score: 4.6 CVSS Vector: AV:L/AC:L/Au:N/C:P/I:P/A:P
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2009-2653 http://www.exploit-db.com/exploits/9301 http://blogs.technet.com/srd/archive/2009/06/11/latest-baidu-public-posting-requires-adminisrator-to-elevate.aspx http://hi.baidu.com/azy0922/blog/item/f950cbc2890729130ef47783.html http://www.ntinternals.org/index.html#09_07_30 http://osvdb.org/56780 http://securitytracker.com/id?1022630
Copyright	Copyright (C) 2009 Greenbone AG

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.