Vigil@nce: Windows kernel, privilege elevation
October 2008 by Vigil@nce
SYNTHESIS
Three vulnerabilities in the Windows kernel can be used by a local
attacker to obtain system privileges.
Gravity: 2/4
Consequences: administrator access/rights
Provenance: user account
Means of attack: 1 proof of concept
Ability of attacker: specialist (3/4)
Confidence: confirmed by the editor (5/5)
Diffusion of the vulnerable configuration: high (3/3)
Number of vulnerabilities in this bulletin: 3
Creation date: 15/10/2008
IMPACTED PRODUCTS
– Microsoft Windows 2000
– Microsoft Windows 2003
– Microsoft Windows 2008
– Microsoft Windows Vista
– Microsoft Windows XP
DESCRIPTION
Three vulnerabilities in the Windows kernel can be used by a local
attacker to obtain system privileges.
The kernel does not correctly check properties passed during
window creation. [grav:2/4; BID-31651, CVE-2008-2250]
When several threads use system calls, a double memory free
occurs and corrupts memory. [grav:2/4; BID-31570, BID-31653,
CVE-2008-2251, CVE-2008-4510]
Some data passed from user mode is not correctly checked
by the kernel. [grav:2/4; BID-31652, CVE-2008-2252]
CHARACTERISTICS
Identifiers: 954211, BID-31570, BID-31651, BID-31652, BID-31653,
CVE-2008-2250, CVE-2008-2251, CVE-2008-2252, CVE-2008-4510,
MS08-061, VIGILANCE-VUL-8170