Skip to main content

Microsoft Windows LPC Message Buffer Overrun Vulnerability ( 13 October 2010 )

Last Update Date: 28 Jan 2011 Release Date: 13 Oct 2010 5419 Views

RISK: Medium Risk

An elevation of privilege vulnerability exists in the Remote Procedure Call Subsystem (RPCSS) running in the context of the NetworkService account, where a local application can use LPC to request that the LPC server connect back to the client using LRPC. This request could contain specially crafted data designed to cause a stack-based buffer overflow, allowing an authenticated user to access resources running in the context of the NetworkService account.


Impact

  • Elevation of Privilege

System / Technologies affected

  • Windows XP
  • Windows Server 2003

Solutions

Before installation of the software, please visit the software manufacturer web-site for more details.

Download locations for this patch


Vulnerability Identifier


Source


Related Link