By sending a malformed 'Directory' request it is possible to create a condition where free() is called on memory that is still in use. This can result in an exploitable condition when free() is called on the memory chunk a second time. The agent installed by this exploit runs with administrative privileges. This update improve the exploit reliability.
Sunday, May 4, 2008 - 19:00