Technical Description

A vulnerability was identified in Sysinternals Process Explorer, which could be exploited by local attackers to execute arbitrary commands. This flaw is due to a buffer overflow error when handling an overly long "CompanyName" value of a running process, which could be exploited by local attackers to execute arbitrary commands with the privileges of another user by constructing/executing a specially crafted binary and convincing that user to explore the running malicious process.

Affected Products: Sysinternals Process Explorer version 9.23 and prior

Solution: Sysinternals Process Explorer version 9.24 :
http://www.sysinternals.com/Utilities/ProcessExplorer.html

http://www.frsirt.com/english/advisories/2005/1480