Thursday, December 21, 2006

Unconfirmed Windows Memory Corruption Zero-Day

Dear Secure@microsoft.com,

On one of Russian forum security vulnerability is discussed in Microsoft Windows (Windows XP is tested). A vulnerability is caused by memory corruption is string beginning with "\?\" is send thorugh MessageBox API with MB_SERVICE_NOTIFICATION flag.

It looks like some "debug" feature not cleaned out in final release and it seems to exploitable to code execution at kernel level.

See the full details on Security.nnov.ru.

No comments:

Post a Comment