OSVDB ID: 69798

Title: Microsoft Windows win32k.sys Unspecified Memory Corruption Local Privilege Escalation

Info

Disclosure

Dec 14, 2010

Discovery

Unknown

Dates

Exploit

Unknown

Solution

Dec 14, 2010

Description

Microsoft Windows contains a flaw that may allow an attacker to gain access to unauthorized privileges. The issue is triggered when the kernel-mode drivers improperly validate input passed from user mode. This can allow a local attacker to gain elevated privileges and execute arbitrary code in kernel mode.

Classification

Location: Local Access Required
Attack Type: Input Manipulation
Impact: Loss of Integrity
Solution: Patch / RCS
Exploit: Exploit Unknown
Disclosure: Vendor Verified
OSVDB: Authentication Required

Solution

Currently, there are no known workarounds or upgrades to correct this issue. However, Microsoft has released a patch to address this vulnerability. Check the vendor advisory or solution in the references section.

Products

Microsoft Corporation

Windows Vista

SP1
SP2
x64 Edition SP1
x64 Edition SP2
SP1
SP2
x64 Edition SP1
x64 Edition SP2

Windows XP

SP3
Professional x64 Edition SP2
SP3
Professional x64 Edition SP2

Windows 7

All Versions
All Versions

References

Credit

Unknown or Incomplete



Direct URL: http://osvdb.org/69798