Vigil@nce - Windows: privilege escalation via PGM
February 2016 by Vigil@nce
This bulletin was written by Vigil@nce : http://vigilance.fr/offer
SYNTHESIS OF THE VULNERABILITY
An attacker can force the usage of a freed memory area via PGM on
Windows, in order to trigger a denial of service, and possibly to
run code.
Impacted products: Windows 10, Windows 2008 R0, Windows 2008 R2,
Microsoft Windows 2012, Windows 7, Windows 8, Windows RT, Windows
Vista.
Severity: 2/4.
Creation date: 08/12/2015.
DESCRIPTION OF THE VULNERABILITY
The Windows Pragmatic General Multicast (PGM) protocol can be
enabled on a system with Microsoft Message Queuing (MSMQ).
However, an attacker can use PGM, and exploit a race in the memory
management, in order to use a memory area already freed.
An attacker can therefore force the usage of a freed memory area
via PGM on Windows, in order to trigger a denial of service, and
possibly to run code.
ACCESS TO THE COMPLETE VIGIL@NCE BULLETIN
http://vigilance.fr/vulnerability/Windows-privilege-escalation-via-PGM-18476