Microsoft Windows contains a flaw that may allow an attacker to gain access to unauthorized privileges. The issue is triggered when a local, context-dependent attacker uses a crafted application to trigger a null pointer dereference, allowing them to gain elevated privileges.

Currently, there are no known workarounds or upgrades to correct this issue. However, Microsoft has released a patch to address this vulnerability.

• Security Tracker: 1025345
• OVAL ID: 12546
• CVE ID: 2011-0673 (see also: NVD)
• Microsoft Knowledge Base Article: 2506223
• Secunia Advisory ID: 44156
• Bugtraq ID: 47234
• ISS X-Force ID: 66402
• Related OSVDB ID: 71728 71729 71730 71731 71732 71734 71735 71736 71737 71738 71739
• VUPEN Advisory: ADV-2011-0952
• Vendor Specific News/Changelog Entry: http://blogs.technet.com/b/srd/archive/2011/04/12/ms11-034-addressing-vulnerabilities-in-the-win32k-subsystem.aspx
  http://support.avaya.com/css/P8/documents/100133352
• News Article: http://www.scmagazineus.com/microsoft-distributes-17-patches-for-64-flaws/article/200597/
• Microsoft Security Bulletin: MS11-034
• CERT: TA11-102A

• Tarjei Mandt - Norman