OSVDB ID: 66981

Title: Microsoft Windows win32k.sys Driver User Mode Copy Memory Allocation Local Privilege Escalation

Info

Disclosure

Aug 10, 2010

Discovery

Unknown

Dates

Exploit

Unknown

Solution

Aug 10, 2010

Description

Microsoft Windows contains a flaw that may allow an attacker to gain access to unauthorized privileges. The issue is triggered when win32k.sys fails to properly allocate memory when copying data from user mode, allowing a local authenticated attacker to cause a pool overflow and gain full user privileges.

Classification

Location: Local Access Required
Attack Type: Input Manipulation
Impact: Loss of Integrity
Solution: Patch / RCS
Exploit: Exploit Private
Disclosure: Vendor Verified
OSVDB: Authentication Required

Solution

Currently, there are no known workarounds or upgrades to correct this issue. However, Microsoft has released a patch to address this vulnerability. Check the vendor advisory or solution in the references section.

Products

Microsoft Corporation	Windows XP	SP3
		Professional x64 Edition SP2
	Windows Server	2003 SP2 for Itanium
		2003 x64 Edition SP2
		2003 SP2

References

CVE ID: 2010-1895 (see also: NVD)
Microsoft Knowledge Base Article: 2160329
Secunia Advisory ID: 40878
Related OSVDB ID: 66979 66980 66982 66983
Microsoft Security Bulletin: MS10-048

Credit

Unknown or Incomplete

Direct URL: http://osvdb.org/66981

Info

Disclosure

Discovery

Dates

Exploit

Solution

Description

Classification

Solution

Products

Microsoft Corporation

Windows XP

Windows Server

References

Credit