CVE-2006-6696

CVE-2006-6696 · MEDIUM Severity

AV:L/AC:M/AU:N/C:C/I:C/A:C

Double free vulnerability in Microsoft Windows 2000, XP, 2003, and Vista allows local users to gain privileges by calling the MessageBox function with a MB_SERVICE_NOTIFICATION message with crafted data, which sends a HardError message to Client/Server Runtime Server Subsystem (CSRSS) process, which is not properly handled when invoking the UserHardError and GetHardErrorText functions in WINSRV.DLL.

Learn more about our Cis Benchmark Audit For Server Software.