Vigil@nce - Windows: several vulnerabilities of the kernel
August 2010 by Vigil@nce
This bulletin was written by Vigil@nce : http://vigilance.fr/
SYNTHESIS OF THE VULNERABILITY
Several vulnerabilities of the Windows kernel can be used by a
local attacker to create a denial of service or to elevate his
privileges.
Severity: 2/4
Creation date: 11/08/2010
DESCRIPTION OF THE VULNERABILITY
Several vulnerabilities were announced in the Windows kernel.
A local attacker can create a specific thread, in order to elevate
his privileges. [severity:2/4; BID-42211, CVE-2010-1888]
A local attacker can generate an error during an object creation,
to force a double memory free, in order to elevate his privileges.
[severity:2/4; BID-42213, CVE-2010-1889]
A local attacker can generate an error in the ACL processing, in
order to force the system to restart. [severity:1/4; BID-42221,
CVE-2010-1890]
ACCESS TO THE COMPLETE VIGIL@NCE BULLETIN
http://vigilance.fr/vulnerability/Windows-several-vulnerabilities-of-the-kernel-9822