CVE-2006-6696

Microsoft Windows < Vista - Privilege Escalation

Description

Double free vulnerability in Microsoft Windows 2000, XP, 2003, and Vista allows local users to gain privileges by calling the MessageBox function with a MB_SERVICE_NOTIFICATION message containing crafted data. The call sends a HardError message to the Client/Server Runtime Server Subsystem (CSRSS) process, and that message is not properly handled when the UserHardError and GetHardErrorText functions in WINSRV.DLL are invoked.

Exploits (2)

exploitdb · WORKING POC · VERIFIED
by Ruben Santamarta · c · local · windows
https://www.exploit-db.com/exploits/3024

exploitdb · WORKING POC · VERIFIED
by anonymous · dos · windows
https://www.exploit-db.com/exploits/2967

Scores

EPSS 0.0432
EPSS Percentile 88.9%

Details

CWE CWE-119
Status published
Products (8)
microsoft/windows_2000 (5 CPE variants)
microsoft/windows_2003_server datacenter_edition (3 CPE variants)
microsoft/windows_2003_server enterprise_edition sp1 (2 CPE variants)
microsoft/windows_2003_server sp1
microsoft/windows_2003_server standard (3 CPE variants)
microsoft/windows_2003_server web (3 CPE variants)
microsoft/windows_vista (4 CPE variants)
microsoft/windows_xp (8 CPE variants)
Published Dec 22, 2006
Tracked Since Feb 18, 2026