|CVSS SCORE||6.2, (AV:L/AC:H/Au:N/C:C/I:C/A:C)|
The specific flaw exists within the handling of the WM_SYSTIMER message. By malforming the window handle in the message, an attacker is able to cause the kernel to write to a controlled address. An attacker could leverage this to execute arbitrary code in the context of the System.
Microsoft has issued an update to correct this vulnerability. More details can be found at: