CVE-2006-6696
CVE-2006-6696 · MEDIUM Severity
AV:L/AC:M/AU:N/C:C/I:C/A:C
Double free vulnerability in Microsoft Windows 2000, XP, 2003, and Vista allows local users to gain privileges by calling the MessageBox function with a MB_SERVICE_NOTIFICATION message with crafted data, which sends a HardError message to Client/Server Runtime Server Subsystem (CSRSS) process, which is not properly handled when invoking the UserHardError and GetHardErrorText functions in WINSRV.DLL.
Learn more about our Cis Benchmark Audit For Server Software.