A new vulnerability exists in the way Windows handles certain hard error messages; it can be exploited locally for privilege escalation. The vulnerability is triggered by calling the Windows MessageBox API with certain parameters.
Mike's comment on the Microsoft Security Response blog: “The PoC reportedly allows for local elevation of privilege on Windows 2000 SP4, Windows Server 2003 SP1, Windows XP SP1, Windows XP SP2 and Windows Vista operating systems. Initial indications are that in order for the attack to be successful, the attacker must already have authenticated access to the target system.”
“Currently we have not observed any public exploitation or attack activity regarding this issue. While I know this is a vulnerability that impacts Windows Vista I still have every confidence that Windows Vista is our most secure platform to date,” said Mike.
Although public proof-of-concept code is available, eEye says that successful exploitation of this vulnerability is not trivial: “Successful exploitation of this vulnerability depends on controlling the contents of this memory and the surrounding heap at the time this second free occurs.”