Vigil@nce - Windows: privilege elevation via win32k.sys
June 2012 by Vigil@nce
This bulletin was written by Vigil@nce: http://vigilance.fr/offer
SYNTHESIS OF THE VULNERABILITY
A local attacker can exploit five vulnerabilities in the kernel
driver to execute code with system privileges.
Severity: 2/4
Creation date: 12/06/2012
IMPACTED PRODUCTS
– Microsoft Windows 2003
– Microsoft Windows 2008
– Microsoft Windows 7
– Microsoft Windows Vista
– Microsoft Windows XP
DESCRIPTION OF THE VULNERABILITY
Five vulnerabilities were announced in the Windows win32k.sys
kernel driver.
An attacker can send a malformed string to win32k.sys, in order to
elevate his privileges. [severity:2/4; BID-53815, CVE-2012-1864]
An attacker can send a malformed string to win32k.sys, in order to
elevate his privileges. [severity:2/4; BID-53816, CVE-2012-1865]
An attacker can send malicious clipboard data to win32k.sys, in
order to elevate his privileges. [severity:2/4; BID-53817,
CVE-2012-1866]
An attacker can use a TrueType font, which creates a memory
allocation error in win32k.sys. [severity:2/4; BID-53819,
CVE-2012-1867]
An attacker can create a specific thread type, in order to elevate
his privileges. [severity:2/4; BID-53820, CVE-2012-1868]
ACCESS TO THE COMPLETE VIGIL@NCE BULLETIN
http://vigilance.fr/vulnerability/Windows-privilege-elevation-via-win32k-sys-11701