- home
- reviews
- news
- downloads
- cnet tv
HOLIDAY HELP DESK: Broadcasting live at 1:00 p.m., PT
- log in
- join CNET
- welcome,
- my profile
- log out

Hardware

Software & services

Networking & communications

Buying guides

Rob Vamosi's
award-winning
column on Internet threats and how to counter them
Delivered Mondays

All free newsletters

CNET Security Center: Your complete source of antivirus and Internet security information.

Windows flaw in WINSRV.DLL CVE-2006-6696
A serious flaw in Windows provides privilege escalation for local users.
By Robert Vamosi (March 12, 2007)

QUICK FACTS

Name: Windows flaw in WINSRV.DLL

Date first reported: 11/08/06

Vulnerable software: Microsoft Windows 2000, XP, 2003, and Vista

What it does: Provides privilege escalation for local users.

Recommendations: None

Exploit code available: No

Vendor patch available: No

7
out of 10

INTERNET THREAT RATING
How we rate

There's a flaw within Microsoft Windows 2000, XP, 2003, and Vista that allows local users to gain privileges by calling the MessageBox function with a specialized message. A specially crafted MB_SERVICE_NOTIFICATION designed to send a HardError message to Client/Server Runtime Server Subsystem (CSRSS) process may not be properly handled when invoking the UserHardError and GetHardErrorText functions in WINSRV.DLL.

Additional Resources:

Microsoft: Technical advisory
Milw0rm: 2967
Frsirt: 5120
Secunia: 2344

Reviews & advice: Site map; Editorial policies; Meet the editors; How we test; Forums; Internet speed test

Popular topics: Apple iPhone; Apple iPod; Cell phones; Dell; GPS; LCD TV

CNET sites: CNET Site map; CNET TV; Downloads; News; Reviews; Shopper.com

More information: Newsletters; CNET Mobile; Customer Help Center; RSS; CNET Widgets; About CNET