Microsoft Windows APC queue list could allow elevated privileges
| win-apc-gain-privileges (23447) |  High Risk |
Description:
Microsoft Windows could allow a remote attacker to gain elevated privileges, caused by a vulnerability in the method used to process items in the Asynchronous Procedure Call (APC) queue list. A remote attacker, with valid logon credentials, could log onto a system and run a specially-crafted application to take complete control of the affected system.
Consequences:
Gain Access
Remedy:
Apply the appropriate patch for your system, as listed in Microsoft Security Bulletin MS07-022. See References.
Note: Microsoft originally provided a patch for this vulnerability in MS05-055, but it was superseded by the patch released with MS06-049, and then superseded by the patch released with MS07-022. See References.
References:
- eEye Digital Security Advisory AD20051213: Windows Kernel APC Data-Free Local Privilege Escalation Vulnerability.
- Microsoft Security Bulletin MS05-055: Vulnerabilities in Windows Kernel Could Allow Elevation of Privilege (908523).
- Microsoft Security Bulletin MS06-049: Vulnerability in Windows Kernel Could Result in Elevation of Privilege (920958).
- Microsoft Security Bulletin MS07-017: Vulnerabilities in GDI Could Allow Remote Code Execution (925902).
- BID-15826: Microsoft Windows Asynchronous Procedure Call Local Privilege Escalation Vulnerability
- CVE-2005-2827: The thread termination routine in the kernel for Windows NT 4.0 and 2000 (NTOSKRNL.EXE) allows local users to modify kernel memory and execution flow via steps in which a terminating thread causes Asynchronous Procedure Call (APC) entries to free the wrong data, aka the Windows Kernel Vulnerability.
- SA15821: Microsoft Windows Kernel APC Queue List Handling Privilege Escalation
- SA18064: Avaya Products Microsoft Windows Multiple Vulnerabilities
- SA18311: Nortel Centrex IP Client Manager Multiple Vulnerabilities
- SECTRACK ID: 1015347: Microsoft Windows 2000 Kernel APC Queue Bug Lets Local Users Gain Elevated Privileges
- VUPEN/ADV-2005-2868: Microsoft Windows Kernel Privilege Escalation Vulnerability (MS05-055)
- VUPEN/ADV-2005-2909: Avaya Various Products Microsoft Windows Multiple Vulnerabilities
Platforms Affected:
- Microsoft Windows 2000 SP4
Reported:
Dec 13, 2005
The information within this database may change without notice. Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. In no event shall the author/distributor (IBM Internet Security Systems X-Force) be held liable for any damages whatsoever arising out of or in connection with the use or spread of this information.
For corrections or additions please email xforce@iss.net