Vigil@nce - Windows: two vulnerabilities of Win32k
March 2014 by Vigil@nce
This bulletin was written by Vigil@nce : http://vigilance.fr/offer
SYNTHESIS OF THE VULNERABILITY
An attacker can use several vulnerabilities of Win32k of Windows.
– Impacted products: Windows 2003, Windows 2008, Microsoft Windows
2012, Windows 7, Windows 8, Windows RT, Windows Vista, Windows XP
– Severity: 2/4
– Creation date: 11/03/2014
DESCRIPTION OF THE VULNERABILITY
Several vulnerabilities were announced in the win32k.sys kernel
driver, which for example manages windows.
A local attacker can manipulate an object in memory, in order to
escalate his privileges. [severity:2/4; CVE-2014-0300]
A local attacker can manipulate an object in memory, in order to
obtain sensitive information. [severity:1/4; CVE-2014-0323]
ACCESS TO THE COMPLETE VIGIL@NCE BULLETIN
http://vigilance.fr/vulnerability/Windows-two-vulnerabilities-of-Win32k-14406