NOTE: this issue has been disputed by third parties. Microsoft Windows XP, 2000, and 2003 allows local users to kill a writable process by using the CreateRemoteThread function with certain arguments on a process that has been opened using the OpenProcess function, possibly involving an invalid address for the start routine. NOTE: followup posts have disputed this issue, saying that if a user already has privileges to write to a process, then other functions could be called or the process could be terminated using PROCESS_TERMINATE
Affected Software
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Windows_2000 | Microsoft | * | * |
| Windows_2003_server | Microsoft | enterprise (including) | enterprise (including) |
| Windows_2003_server | Microsoft | enterprise-sp1 (including) | enterprise-sp1 (including) |
| Windows_2003_server | Microsoft | r2 (including) | r2 (including) |
| Windows_2003_server | Microsoft | r2-sp1 (including) | r2-sp1 (including) |
| Windows_2003_server | Microsoft | standard (including) | standard (including) |
| Windows_2003_server | Microsoft | standard-sp1 (including) | standard-sp1 (including) |
| Windows_2003_server | Microsoft | web (including) | web (including) |
| Windows_2003_server | Microsoft | web-sp1 (including) | web-sp1 (including) |
| Windows_xp | Microsoft | * | * |
References
- http://www.securityfocus.com/archive/1/418289/100/0/threaded
- http://www.securityfocus.com/archive/1/418431/100/0/threaded
- http://www.securityfocus.com/bid/15671/
- http://www.securityfocus.com/archive/1/418289/100/0/threaded
- http://www.securityfocus.com/archive/1/418431/100/0/threaded
- http://www.securityfocus.com/bid/15671/