Vigil@nce - Windows: privilege elevation via Keyboard Layout
March 2012 by Vigil@nce
This bulletin was written by Vigil@nce : http://vigilance.fr/offer
SYNTHESIS OF THE VULNERABILITY
A local attacker can load a malformed Keyboard Layout, in order to
obtain system privileges.
Severity: 2/4
Creation date: 15/02/2012
IMPACTED PRODUCTS
– Microsoft Windows 2003
– Microsoft Windows 2008
– Microsoft Windows 7
– Microsoft Windows Vista
– Microsoft Windows XP
DESCRIPTION OF THE VULNERABILITY
The location of keys on a keyboard depends on the country.
The win32k.sys driver loads a Keyboard Layout file, which
indicates the location of keys. However, if the file contains an
error, a freed memory area is used.
A local attacker can therefore load a malformed Keyboard Layout,
in order to obtain system privileges.
ACCESS TO THE COMPLETE VIGIL@NCE BULLETIN
http://vigilance.fr/vulnerability/Windows-privilege-elevation-via-Keyboard-Layout-11358