Severity: 2/4

Consequences: administrator access/rights

Provenance: user shell

Means of attack: no proof of concept, no attack

Ability of attacker: expert (4/4)

Confidence: confirmed by the editor (5/5)

Diffusion of the vulnerable configuration: high (3/3)

Number of vulnerabilities in this bulletin: 4

Creation date: 10/06/2009

IMPACTED PRODUCTS

 Microsoft Windows 2000
 Microsoft Windows 2003
 Microsoft Windows 2008
 Microsoft Windows Vista
 Microsoft Windows XP

DESCRIPTION OF THE VULNERABILITY

A local attacker can use four kernel vulnerabilities in order to execute code with system privileges.

An attacker can change kernel Desktop objects in order to elevate his privileges. [grav:2/4; CVE-2009-1123]

An attacker can pass invalid pointers to the kernel in order to elevate his privileges. [grav:2/4; BID-35238, CVE-2009-1124]

An attacker can pass an invalid parameter to the driver registration method, in order to elevate his privileges. [grav:2/4; BID-35240, CVE-2009-1125]

An attacker can pass an invalid parameter to a method to modify an object of the Desktop, in order to elevate his privileges. [grav:2/4; CVE-2009-1126]

CHARACTERISTICS

Identifiers: 968537, BID-35238, BID-35240, CVE-2009-1123, CVE-2009-1124, CVE-2009-1125, CVE-2009-1126, MS09-025, VIGILANCE-VUL-8781

http://vigilance.fr/vulnerability/Windows-privilege-elevation-8781