PT-2006-7297 · Microsoft · Winsrv.Dll+1

Tim Garnett · Published 2006-12-21 · Updated 2019-04-30 · CVE-2006-6696

CVSS v2.0: 6.9 (Medium)

Vector: AV:L/AC:M/Au:N/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions: Microsoft Windows versions prior to Vista
Description: A double free vulnerability exists in Microsoft Windows, allowing local users to gain privileges. This issue arises when the MessageBox function is called with an MB_SERVICE_NOTIFICATION message containing crafted data, which sends a HardError message to the Client/Server Runtime Server Subsystem (CSRSS) process. The CSRSS process does not properly handle this message when invoking the UserHardError and GetHardErrorText functions in WINSRV.DLL. Additionally, a remote code execution issue exists due to the way the CSRSS process handles error messages, potentially allowing an attacker to execute remote code by constructing a specially crafted application.
Recommendations: For Microsoft Windows 2000, update to a version that includes the fix for this issue. For Microsoft Windows XP, apply the necessary patch to resolve the vulnerability. For Microsoft Windows 2003, install the update that addresses this issue. For Microsoft Windows Vista, ensure you have the latest security updates installed. As a temporary workaround, consider restricting access to the MessageBox function with MB_SERVICE_NOTIFICATION messages until a patch is available.

Exploit

Fix

RCE

Buffer Overflow


Weakness Enumeration

Related Identifiers

CVE-2006-6696

Affected Products

Windows
Winsrv.Dll