Description: A vulnerability was reported in the Windows XP kernel. A local user can obtain elevated privileges on the target system.



A local user can invoke NtUserConsoleControl() in 'win32k.sys' to execute arbitrary code on the target system with elevated privileges.



Demonstration exploit code is available at:



http://www.ntinternals.org/win32k/NtUserConsoleControl_Exp.zip



The original advisory is available at:



http://www.ntinternals.org/index.html#09_07_30



alex from ntinternals.org reported this vulnerability.

