Vigil@nce - Windows: privilege elevation via Win32k
February 2013 by Vigil@nce
This bulletin was written by Vigil@nce : http://vigilance.fr/offer
SYNTHESIS OF THE VULNERABILITY
A local attacker can use several kernel vulnerabilities, in order
to gain system privileges.
Impacted products: Windows 2003, Windows 2008, Microsoft Windows
2012, Windows 7, Windows 8, Windows RT, Windows Vista, Windows XP
Severity: 2/4
Creation date: 12/02/2013
DESCRIPTION OF THE VULNERABILITY
The Win32k driver is the interface to the Windows kernel.
However, an attacker can use several race vulnerabilities on
Win32k, in order to elevate his privileges.
A local attacker can therefore use several kernel vulnerabilities,
in order to gain system privileges.
ACCESS TO THE COMPLETE VIGIL@NCE BULLETIN
http://vigilance.fr/vulnerability/Windows-privilege-elevation-via-Win32k-12415