Description: A vulnerability has been reported in Microsoft Windows, which can be exploited by malicious people to compromise a user's system.
The vulnerability is caused due to a double-free error in the Client/Server Run-time Subsystem (CSRSS) within WINSRV.DLL when handling HardError messages.
Successful exploitation allows execution of arbitrary code when a user e.g. visits a malicious website.
NOTE: Various other unspecified vulnerabilities discovered internally by Microsoft have also been reported.
Changelog: 2006-12-22: Added CVE reference.
2006-12-29: Added Windows Vista as affected product.
2007-04-10: Updated "Solution" section. Added additional information from Microsoft.
Customers of the Secunia Vulnerability Intelligence solutions will automatically receive updates when new information regarding this advisory is released.
If you have new information regarding this Secunia advisory or a product in our database, please send it to us using either our web form or email us at vuln@secunia.com.
Ideas, suggestions, and other feedback are most welcome.