ID:601 - Exploit for Privilege escalation in Windows and Windows Server - CVE-2007-1215

Link to public exploit:

Vulnerability description

The vulnerability allows a local attacker to obtain elevated privileges on vulnerable system.

The vulnerability exists in Graphics Rendering Engine when processing certain color-related parameters. A local user create a specially crafted image file and execute arbitrary code on vulnerable system with elevated privileges.

Successful exploitation of this vulnerability may allow a local user to obtain full access to vulnerable system.

Remediation

• Microsoft Windows 2000 Service Pack 4 — Download the update
• Microsoft Windows XP Service Pack 2 — Download the update
• Microsoft Windows XP Professional x64 Edition and Microsoft Windows XP Professional x64 Edition Service Pack 2 — Download the update
• Microsoft Windows Server 2003, Microsoft Windows Server 2003 Service Pack 1, and Microsoft Windows Server 2003 Service Pack 2 — Download the update
• Microsoft Windows Server 2003 for Itanium-based Systems, Microsoft Windows Server 2003 with SP1 for Itanium-based Systems, and Microsoft Windows Server 2003 with SP2 for Itanium-based Systems — Download the update
• Microsoft Windows Server 2003 x64 Edition and Microsoft Windows Server 2003 x64 Edition Service Pack 2 — Download the update
• Windows Vista — Download the update
• Windows Vista x64 Edition — Download the update