Vigil@nce: Windows, privilege elevation via the kernel
February 2011 by Vigil@nce
This bulletin was written by Vigil@nce: http://vigilance.fr/
SYNTHESIS OF THE VULNERABILITY
Two vulnerabilities in the Windows kernel can be used by a local
attacker to elevate his privileges.
– Severity: 2/4
– Creation date: 09/02/2011
IMPACTED PRODUCTS
– Microsoft Windows 2003
– Microsoft Windows 2008
– Microsoft Windows 7
– Microsoft Windows Vista
– Microsoft Windows XP
DESCRIPTION OF THE VULNERABILITY
Two vulnerabilities were announced in the Windows kernel, and can
be used by a local attacker to gain system privileges.
A local attacker can use a malicious EUDC key, which creates an
overflow in RtlQueryRegistryValues(), in order to elevate his
privileges (VIGILANCE-VUL-10151 (https://vigilance.fr/tree/1/10151)).
[severity:2/4; BID-45045, CVE-2010-4398, VU#529673]
A local attacker can generate an allocation error inside
WmiTraceMessageVa(), in order to execute code with kernel
privileges. [severity:2/4; BID-46136, CVE-2011-0045, ZDI-11-064]
ACCESS TO THE COMPLETE VIGIL@NCE BULLETIN
http://vigilance.fr/vulnerability/Windows-privilege-elevation-via-the-kernel-10349