Windows keyboard Event privilege elevation Vulnerability _windowsxp
Source: Internet
Author: User
Affected Systems:
Microsoft Windows XP SP2
Microsoft Windows XP SP1
Microsoft Windows XP
Microsoft Windows Server 2003 SP1
Microsoft Windows Server 2003
Microsoft Windows 2000SP4
Microsoft Windows 2000SP3
Microsoft Windows 2000SP2
Microsoft Windows 2000SP1
Microsoft Windows 2000
Microsoft Windows
Detailed Description:
Microsoft Windows is a very popular operating system released by Microsoft.
A privilege elevation vulnerability exists in Microsoft windows that could allow an attacker to execute arbitrary code with the privileges of the target user by sending a malicious keyboard event to a desktop application running with higher privileges, such as Explorer.exe.
The cause is a design error when the desktop application handles keyboard events sent through the keybd_event () function functions. In the current Microsoft security model, messages can be sent between applications that share the desktop, and each desktop application can handle each process performed on the same desktop, and any application can simulate a virtual keyboard by sending a keyboard tapping action. This allows each process to send messages and keystroke actions as if it were an interactive user.
The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion;
products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the
content of the page makes you feel confusing, please write us an email, we will handle the problem
within 5 days after receiving your email.
If you find any instances of plagiarism from the community, please send an email to:
info-contact@alibabacloud.com
and provide relevant evidence. A staff member will contact you within 5 working days.
A Free Trial That Lets You Build Big!
Start building with 50+ products and up to 12 months usage for Elastic Compute Service