Description: Two vulnerabilities have been reported in Microsoft Windows, which can be exploited by malicious, local users to gain escalated privileges and by malicious people to compromise a vulnerable system.
1) An error in Winlogon when searching for DLL files when applications are started can be exploited by a malicious, local user to gain escalated privileges by placing a malicious DLL file in the user directory.
NOTE: Only Windows 2000 is affected by default as other OS versions have "SafeDllSearchMode" set to "1" by default.
2) An error in the exception handling management when multiple applications are resident in memory can be exploited to execute arbitrary code by tricking a user into visiting a malicious website.
Customers of the Secunia Vulnerability Intelligence solutions will automatically receive updates when new information regarding this advisory is released.
If you have new information regarding this Secunia advisory or a product in our database, please send it to us using either our web form or email us at vuln@secunia.com.
Ideas, suggestions, and other feedback are most welcome.