Rechercher
Contactez-nous Suivez-nous sur Twitter En francais English Language
 

Freely subscribe to our NEWSLETTER

Newsletter FR

Newsletter EN

Vulnérabilités

Unsubscribe

Vigil@nce: Windows kernel, privilege elevation

October 2008 by Vigil@nce

SYNTHESIS

Three vulnerabilities of Windows kernel can be used by a local
attacker to obtain system privileges.

Gravity: 2/4

Consequences: administrator access/rights

Provenance: user account

Means of attack: 1 proof of concept

Ability of attacker: specialist (3/4)

Confidence: confirmed by the editor (5/5)

Diffusion of the vulnerable configuration: high (3/3)

Number of vulnerabilities in this bulletin: 3

Creation date: 15/10/2008

IMPACTED PRODUCTS

 Microsoft Windows 2000
 Microsoft Windows 2003
 Microsoft Windows 2008
 Microsoft Windows Vista
 Microsoft Windows XP

DESCRIPTION

Three vulnerabilities of Windows kernel can be used by a local
attacker to obtain system privileges.

The kernel does not correctly check properties passed during
windows creation. [grav:2/4; BID-31651, CVE-2008-2250]

When several threads use system calls, a double memory free
occurs, and corrupts the memory. [grav:2/4; BID-31570, BID-31653,
CVE-2008-2251, CVE-2008-4510]

Some data transmitted from the User Mode are not correctly checked
by the kernel. [grav:2/4; BID-31652, CVE-2008-2252]

CHARACTERISTICS

Identifiers: 954211, BID-31570, BID-31651, BID-31652, BID-31653,
CVE-2008-2250, CVE-2008-2251, CVE-2008-2252, CVE-2008-4510,
MS08-061, VIGILANCE-VUL-8170

http://vigilance.aql.fr/vulnerability/8170


See previous articles

    

See next articles


Your podcast Here

New, you can have your Podcast here. Contact us for more information ask:
Marc Brami
Phone: +33 1 40 92 05 55
Mail: ipsimp@free.fr

All new podcasts