Just to clarify, that’s Windows NT 3.1, not the old 16-bit Windows 3.1. I was wondering how the hell you could have a privilege escalation bug on an OS with only one level of privilege.

The problem is caused by flaws in the Virtual DOS Machine (VDM) introduced in 1993 to support 16-bit applications (real mode applications for 8086). VDM is based on the Virtual 8086 Mode (VM86) in 80386 processors and, among other things, intercepts hardware routines such as BIOS calls. Google security team member Tavis Ormandy has found several vulnerabilities in this implementation that allow an unprivileged 16-bit program to manipulate the kernel stack of each process via a number of tricks. This potentially enables attackers to execute code at system privilege level.

Source

Related Posts: On this day...

• Megaupload Founder Kim Schmitz Cars Seized by FBI - 2012
• Car key fob technology hacked - 2011
• Man paddles his canoe through a flooded McDonalds - 2011
• Hitler finds out Scott Brown won Massachusetts Senate seat - 2010
• New Orleans cops use ancient "unnatural copulation" law to turn prostitutes into sex-offenders - 2010
• The facts behind Microsoft's anti-Linux campaign - 2009
• Why Is There A Stockpile Of Half A Million Government Coffins In Georgia? - 2009
• Malware posing as Change.gov - 2009
• Mario etched eeepc - 2009
• HOWTO: E-file your federal taxes for FREE - 2008