=====================================================================
                                    CERT-Renater

                         Note d'Information No. 2006/VULN554
_____________________________________________________________________

DATE                      : 13/12/2006

HARDWARE PLATFORM(S)      : /

OPERATING SYSTEM(S)       : Windows XP, Windows Server 2003.

======================================================================

MS06-075 - Vulnerability in Windows Could Allow Elevation of Privilege (926255)

Affected Software:
  - Microsoft Windows XP Service Pack 2
  - Microsoft Windows Server 2003
  - Microsoft Windows Server 2003 for Itanium-based Systems

Full MS06-075 Advisory:
   http://www.microsoft.com/technet/security/Bulletin/MS06-075.mspx

Vulnerability Details

File Manifest Corruption Vulnerability
CVE-2006-5585

A privilege elevation vulnerability exists in the way that Microsoft Windows
starts applications with specially crafted file manifests. This vulnerability
could allow a logged on user to take complete control of the system.

======================================================================

           =========================================================
           Les serveurs de référence du CERT-Renater
           http://www.urec.fr/securite
           http://www.cru.fr/securite
           http://www.renater.fr
           =========================================================
           + CERT-RENATER          | tel : 01-53-94-20-44          +
           + 151 bd de l'Hopital   | fax : 01-53-94-20-41          +
           + 75013 Paris           | email: certsvp@renater.fr     +
           =========================================================