Vulnerability announcement: CVE-2010-1734, CVE-2010-1735
Windows: denials of service of win32k.sys
Synthesis of the vulnerability
A local attacker can use the PostMessage() function to generate an error in win32k.sys, which stops the system.
Severity: 1/4.
Creation date: 23/04/2010.
Impacted products
Description of the vulnerability
The PostMessage() function is used to send a message to a window. It uses win32k.sys. Two vulnerabilities of win32k.sys can be exploited via PostMessage().
The PostMessage() function does not check the memory address given as an argument when the message type is 0x4c (SfnLOGONNOTIFY). [severity:1/4; BID-39630, CVE-2010-1735]
The PostMessage() function does not check the memory address given as an argument when the message type is 0x18d (SfnINSTRING). [severity:1/4; BID-39631, CVE-2010-1734]
A local attacker can therefore use the PostMessage() function to generate an error in win32k.sys, which stops the system.
Complete Vigil@nce bulletin
Characteristics
Title: Windows: denials of service of win32k.sys.
Keywords: 0x4c 0x18d PostMessage SfnINSTRING SfnLOGONNOTIFY Windows denials service win32k.
Identifiers: 2160329, BID-39630, BID-39631, CVE-2010-1734, CVE-2010-1735, MS10-048, VIGILANCE-VUL-9607.
Solutions for this vulnerability
Supplements
Vulnerability: SfnLOGONNOTIFY
The PostMessage() function does not check the memory address given as an argument when the message type is 0x4c (SfnLOGONNOTIFY).
Severity: 1/4.
Identifiers: BID-39630, CVE-2010-1735.
Vulnerability: SfnINSTRING
The PostMessage() function does not check the memory address given as an argument when the message type is 0x18d (SfnINSTRING).
Severity: 1/4.
Identifiers: BID-39631, CVE-2010-1734.