|MS13-102||Vulnerability in LRPC Client Could Allow Elevation of Privilege (2898715)||Windows XP||Important||11-12-2013|
Brief overview of the risk:
This security update resolves a privately reported vulnerability in Microsoft Windows. The vulnerability could allow elevation of privilege if an attacker spoofs an LRPC server and sends a specially crafted LPC port message to any LRPC client.
Detailed Information on the risk:
An elevation of privilege vulnerability exists in Microsoft Local Remote Procedure Call (LRPC) where an attacker spoofs an LRPC Server and uses a specially crafted LPC port message to cause a stack-based buffer overflow condition on the LRPC client. LRPC internally uses Microsoft Local Procedure Call (LPC). So, in effect, any LPC consumer might be impacted by this vulnerability, if not properly implemented.
Further information on this exploit is available at : MS13-102
Affected SoftwareWindows XP Service Pack 3
Windows XP Professional x64 Edition Service Pack 2
Windows Server 2003 Service Pack 2
Windows Server 2003 x64 Edition Service Pack 2
Windows Server 2003 with SP2 for Itanium-based Systems