News
Vigil@nce - Windows: several vulnerabilities of win32k.sys
August 2010 by Vigil@nce
This bulletin was written by Vigil@nce : http://vigilance.fr/
SYNTHESIS OF THE VULNERABILITY
Several vulnerabilities of the Windows win32k.sys kernel-mode driver can be used by a local attacker to create a denial of service or to elevate his privileges.
Severity: 2/4
Creation date: 11/08/2010
DESCRIPTION OF THE VULNERABILITY
The Windows win32k.sys kernel-mode driver provides basic features such as the display, input/output or message processing. It is impacted by several vulnerabilities.
A local attacker can pass a malicious argument to a system call, in order to generate a denial of service. [severity:1/4; BID-42250, CVE-2010-1887]
A local attacker can generate an exception, in order to elevate his privileges. [severity:2/4; CVE-2010-1894]
A local attacker can generate an overflow when user mode data are copied, in order to elevate his privileges. [severity:2/4; BID-42245, CVE-2010-1895]
A local attacker can send malicious data, in order to elevate his privileges. [severity:2/4; BID-42210, CVE-2010-1896]
A local attacker can pass a malicious callback argument when a window is created via CreateWindow(), in order to elevate his privileges. [severity:2/4; BID-42206, CORE-2010-0623, CVE-2010-1897]
ACCESS TO THE COMPLETE VIGIL@NCE BULLETIN
