Vigil@nce: Windows, privilege elevation via TCP/IP
May 2012 by Vigil@nce
This bulletin was written by Vigil@nce : http://vigilance.fr/offer
SYNTHESIS OF THE VULNERABILITY
A local attacker can use two vulnerabilities of TCP/IP, in order
to bypass the firewall, or to elevate his privileges.
– Severity: 2/4
– Creation date: 09/05/2012
IMPACTED PRODUCTS
– Microsoft Windows 2008
– Microsoft Windows 7
– Microsoft Windows Vista
DESCRIPTION OF THE VULNERABILITY
Two vulnerabilities were announced in TCP/IP features.
When the administrator configured a security policy blocking
outgoing packets, a local attacker can still send broadcast
packets. [severity:1/4; CERTA-2012-AVI-257, CVE-2012-0174,
INFIGO-2012-05-01]
A local attacker can attach an IPv6 address to an interface, in
order to generate a double memory free in tcpip.sys, leading a
code execution with system privileges. [severity:2/4;
CVE-2012-0179]
A local attacker can therefore use two vulnerabilities of TCP/IP,
in order to bypass the firewall, or to elevate his privileges.
ACCESS TO THE COMPLETE VIGIL@NCE BULLETIN
http://vigilance.fr/vulnerability/Windows-privilege-elevation-via-TCP-IP-11597