Vigil@nce - Windows: several vulnerabilities of the kernel
April 2010 by Vigil@nce
This bulletin was written by Vigil@nce: http://vigilance.fr/
SYNTHESIS OF THE VULNERABILITY
Several vulnerabilities in the Windows kernel can be used by a
local attacker to cause a denial of service or to elevate
privileges.
Severity: 2/4
Creation date: 14/04/2010
DESCRIPTION OF THE VULNERABILITY
Several vulnerabilities were announced in the Windows kernel.
An attacker can invoke a system call with a NULL parameter, in order
to force the kernel to dereference a NULL pointer, which stops the kernel.
[severity:1/4; BID-39297, CVE-2010-0234]
An attacker can create a malformed symbolic link, in order to
force the system to restart. [severity:1/4; BID-39309,
CVE-2010-0235]
An attacker can create a malformed symbolic link in the registry,
in order to trigger an allocation error, and to execute privileged
code. [severity:2/4; BID-39323, CVE-2010-0236]
An attacker can create a symbolic link to a privileged hive of the
registry, in order to execute privileged code. [severity:2/4;
BID-39324, CVE-2010-0237]
An attacker can create a malformed key in the registry, in order
to force the system to restart. [severity:1/4; BID-39318,
CVE-2010-0238]
An attacker can create a key with a virtual path in the registry,
in order to force the system to restart. [severity:1/4; BID-39319,
CVE-2010-0481]
An attacker can execute a program with a malformed relocation
section, in order to force the system to restart. [severity:1/4;
BID-39320, CVE-2010-0482]
An attacker can execute a program generating a special exception,
in order to force the system to restart. [severity:1/4; BID-39322,
CVE-2010-0810]
ACCESS TO THE COMPLETE VIGIL@NCE BULLETIN
http://vigilance.fr/vulnerability/Windows-several-vulnerabilities-of-the-kernel-9574