
Microsoft Windows Kernel “Win32k.sys” Pool Corruption Vulnerability



Technical Description

A vulnerability has been identified in Microsoft Windows that could be exploited by local attackers to cause a denial of service or potentially gain elevated privileges. The issue is caused by a buffer overflow error in the “CreateDIBPalette()” function within the kernel-mode device driver “Win32k.sys”, which uses the “biClrUsed” member of a “BITMAPINFOHEADER” structure as a counter while retrieving bitmap data from the clipboard. Malicious users could exploit this to crash an affected system or potentially execute arbitrary code with kernel privileges.
VUPEN has confirmed the vulnerability on fully patched Microsoft Windows 7, Windows Server 2008 SP2, Windows Server 2003 SP2, Windows Vista SP2, and Microsoft Windows XP SP3.
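
The class of check whose absence is described above, as an added user-mode example (not Microsoft's or VUPEN's code): before "biClrUsed" is used as a loop or copy counter, it is bounded by the documented maximum of 2^biBitCount colour entries, by the destination capacity, and by the data actually supplied. The names DibHeader, MAX_PALETTE, dib_palette_entries and check_sample are hypothetical, and the 256-entry destination is an assumption of this example.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Portable copy of the documented 40-byte BITMAPINFOHEADER layout.
 * Assumes a little-endian host, matching the packed DIB format. */
typedef struct {
    uint32_t biSize;
    int32_t  biWidth, biHeight;
    uint16_t biPlanes, biBitCount;
    uint32_t biCompression, biSizeImage;
    int32_t  biXPelsPerMeter, biYPelsPerMeter;
    uint32_t biClrUsed, biClrImportant;
} DibHeader;

#define MAX_PALETTE 256u  /* destination capacity assumed by this example */

/* Number of 4-byte colour entries that may safely be read from a packed DIB,
 * 0 if the bit depth has no indexed palette, -1 if the header is rejected. */
int dib_palette_entries(const uint8_t *dib, size_t len)
{
    DibHeader h;
    if (dib == NULL || len < sizeof h) return -1;
    memcpy(&h, dib, sizeof h);                     /* no unaligned access */
    if (h.biSize < sizeof h || h.biSize > len) return -1;
    if (h.biBitCount != 1 && h.biBitCount != 4 && h.biBitCount != 8)
        return 0;
    uint32_t max = 1u << h.biBitCount;             /* 2, 16 or 256 */
    uint32_t n = h.biClrUsed ? h.biClrUsed : max;  /* 0 means "all colours" */
    if (n > max || n > MAX_PALETTE) return -1;     /* untrusted counter */
    if ((len - h.biSize) / 4 < n) return -1;       /* table must be present */
    return (int)n;
}

/* Constructed sample: a header followed by `present` zeroed colour entries. */
int check_sample(uint16_t bpp, uint32_t clr_used, uint32_t present)
{
    static uint8_t buf[sizeof(DibHeader) + 4 * 512];
    DibHeader h = {0};
    if (present > 512) return -1;
    h.biSize = sizeof h; h.biWidth = 1; h.biHeight = 1;
    h.biPlanes = 1; h.biBitCount = bpp; h.biClrUsed = clr_used;
    memcpy(buf, &h, sizeof h);
    return dib_palette_entries(buf, sizeof h + 4 * (size_t)present);
}
```

A caller copies exactly the returned number of entries and treats -1 as a malformed bitmap, so the header field never sizes a write on its own.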
