Microsoft Windows is prone to an overflow condition. win32k.sys fails to properly process the 'GreEnableEUDC()' function, resulting in a buffer overflow. With a specially crafted 'SystemDefaultEUDCFont' registry value, a local attacker can potentially execute arbitrary code.

Currently, there are no known workarounds or upgrades to correct this issue. However, Microsoft has released a patch to address this vulnerability.

• Exploit Database: 15609
• CVE ID: 2010-4398 (see also: NVD)
• Microsoft Knowledge Base Article: 2393802
• SCIP VulDB ID: 4231
• Secunia Advisory ID: 42356
• CERT VU: 529673
• Related OSVDB ID: 70823
• Other Advisory URL: http://isc.sans.edu/diary.html?storyid=9988
  http://twitter.com/msftsecresponse/statuses/7590788200402945
  http://www.exploit-db.com/bypassing-uac-with-user-privilege-under-windows-vista7-mirror/
• News Article: http://nakedsecurity.sophos.com/2010/11/25/new-windows-zero-day-flaw-bypasses-uac/
• Microsoft Security Bulletin: MS11-011

• noobpwnftw