The Proof of Concept exploit for the Microsoft Windows Kernel APC Data-Free Local Privilege Escalation Exploit has been released in FrSIRT.
Upon successfull exploitation, the attacker can have a system-level priviliges on the local machine which includes but not limited to adding user accounts with full access rights and installing programs. In effect, the attacker can have complete control of the affected system. But, the attacker must be able to log in first on the target machine before carrying the attack since this is a local-based exploit.
References:
http://www.microsoft.com/technet/security/bulletin/MS05-055.mspx
http://www.eeye.com/html/research/advisories/AD20051213.html
