CVE-2009-2653

Metadata

CVE-2009-2653
4.6
blogs.technet.com, hi.baidu.com, securitytracker.com, exploit-db.com, ntinternals.org
2009-08-03
2017-09-19 14:13

Description

** DISPUTED ** The NtUserConsoleControl function in win32k.sys in Microsoft Windows XP SP2 and SP3, and Server 2003 before SP1, allows local administrators to bypass unspecified "security software" and gain privileges via a crafted call that triggers an overwrite of an arbitrary memory location. NOTE: the vendor disputes the significance of this report, stating that 'the Administrator to SYSTEM "escalation" is not a security boundary we defend.'

Related Vulnerabilities