Vigil@nce: Windows, privilege elevation via Virtual Address Descriptor
October 2008 by Vigil@nce
SYNTHESIS
A local attacker can trigger an integer overflow in Virtual
Address Descriptors in order to obtain system privileges.
Gravity: 2/4
Consequences: administrator access/rights
Provenance: user shell
Means of attack: no proof of concept, no attack
Ability of attacker: expert (4/4)
Confidence: confirmed by the editor (5/5)
Diffusion of the vulnerable configuration: high (3/3)
Creation date: 15/10/2008
IMPACTED PRODUCTS
– Microsoft Windows 2003
– Microsoft Windows 2008
– Microsoft Windows Vista
– Microsoft Windows XP
DESCRIPTION
VADs (Virtual Address Descriptors) are used by applications to
handle their own memory space.
However, a program can force a variable in the VAD implementation
to be decremented, which creates an integer overflow.
A local attacker can therefore execute a malicious program in
order to obtain system privileges.
CHARACTERISTICS
Identifiers: 956841, BID-31675, CVE-2008-4036, MS08-064,
VIGILANCE-VUL-8173