Vigil@nce: Windows, privilege elevation via Win32k.sys
February 2011 by Vigil@nce
This bulletin was written by Vigil@nce : http://vigilance.fr/
SYNTHESIS OF THE VULNERABILITY
A local attacker can use several vulnerabilities of Win32k.sys, in
order to elevate his privileges.
– Severity: 2/4
– Creation date: 09/02/2011
IMPACTED PRODUCTS
– Microsoft Windows 2003
– Microsoft Windows 2008
– Microsoft Windows 7
– Microsoft Windows Vista
– Microsoft Windows XP
DESCRIPTION OF THE VULNERABILITY
Several vulnerabilities were announced in the Windows kernel
driver Win32k.sys. They can be used by a local attacker to gain
system privileges.
An attacker can send malicious data to Win32k.sys, which are not
correctly validated. [severity:2/4; BID-46141, CVE-2011-0086]
An attacker can send malicious data to Win32k.sys, which are not
correctly validated. [severity:2/4; BID-46148, CVE-2011-0087]
An attacker can send an object containing a malicious pointer to
Win32k.sys. [severity:2/4; BID-46147, CVE-2011-0088]
An attacker can send an object containing a malicious pointer to
Win32k.sys. [severity:2/4; BID-46149, CVE-2011-0089]
An attacker can generate a memory corruption. [severity:2/4;
BID-46150, CVE-2011-0090]
ACCESS TO THE COMPLETE VIGIL@NCE BULLETIN
http://vigilance.fr/vulnerability/Windows-privilege-elevation-via-Win32k-sys-10350