CERT-In:Indian Computer Emergency Response Team

HOME > VULNERABILITY NOTES

VULNERABILITY NOTES

CERT-In Vulnerability Note CIVN-2006-82
Windows Kernel Privilege Elevation Vulnerability

Original Issue Date: August 09, 2006

Severity Rating: Medium

Systems Affected

Microsoft Windows 2000 Service Pack 4

Overview

A privilege elevation vulnerability has been reported in Microsoft Windows 2000 kernel that could be exploited by a local attacker to take complete control of the vulnerable system.

Description

The vulnerability is caused due to an unchecked buffer in Windows 2000 kernel.

The attacker could exploit this vulnerability by logging into a system locally and executing a program that could exploit the vulnerability. Remote exploitation of the vulnerability is not possible.

Solution

Apply appropriate patches as mentioned in Microsoft Security Bulletin MS06-049

Vendor Information

Microsoft
http://www.microsoft.com/technet/security/Bulletin/MS06-049.mspx

Refrences

Microsoft
http://www.microsoft.com/technet/security/Bulletin/MS06-049.mspx

FrSIRT
http://www.frsirt.com/english/advisories/2006/3215

CVE Name
CVE-2006-3444

Disclaimer

The information provided herein is on "as is" basis, without warranty of any kind.

Contact Information

Phone: +91-11-24368572

Postal address

Indian Computer Emergency Response Team (CERT-In)
Ministry of Communications and Information Technology
Electronics Niketan
6, C.G.O. Complex
New Delhi-110 003

Home || Feedback || FAQ || Disclaimer