Orange Business Services
Vigil@nce Vigil@nce Vigil@nce
we track for your security since 1999
 home presentation vulnerabilities documentation contact  
subscriber area subscriber area
free access free access
The Vigil@nce team watches vulnerabilities impacting your computers, and then offers solutions, a database and tools to correct them.
recent vulnerabilities recent vulnerabilities
tracked products tracked products
RSS feed RSS feed
vulnerability

vulnerability alert CVE-2009-1123 CVE-2009-1124 CVE-2009-1125

Windows: privilege elevation

Synthesis of the vulnerability

An attacker can use four kernel vulnerabilities in order to execute code with system privileges.
Severity: 2/4.
Creation date: 10/06/2009.

Impacted products

Description of the vulnerability

A local attacker can use four kernel vulnerabilities in order to execute code with system privileges.

An attacker can change kernel Desktop objects in order to elevate his privileges. [severity:2/4; CERTA-2009-AVI-220, CVE-2009-1123, >]

An attacker can pass invalid pointers to the kernel in order to elevate his privileges. [severity:2/4; BID-35238, CVE-2009-1124, >]

An attacker can pass an invalid parameter to the driver registration method, in order to elevate his privileges. [severity:2/4; BID-35240, CVE-2009-1125, >]

An attacker can pass an invalid parameter to a method to modify an object of the Desktop, in order to elevate his privileges. [severity:2/4; CVE-2009-1126, >]

Share this bulletin

Delicious Digg Facebook Google bookmarks LinkedIn Mail Reddit StumbleUpon Technorati Twitter Yahoo 

Complete Vigil@nce bulletin

Windows: privilege elevation

Characteristics

Title: Windows: privilege elevation.
Keywords: CERTA-2009-AVI-220 Desktop Windows elevation privilege.
Identifiers: 968537, BID-35238, BID-35240, CERTA-2009-AVI-220, CVE-2009-1123, CVE-2009-1124, CVE-2009-1125, CVE-2009-1126, MS09-025, VIGILANCE-VUL-8781.

Information sources

Publications and announces
Source example: MS09-025 - Vulnerabilities in Windows Kernel Could Allow Elevation of Privilege (968537)

Solutions for this vulnerability

Patch or workaround

Supplements

Vulnerability : Windows Kernel Desktop - CVE-2009-1123

An attacker can change kernel Desktop objects in order to elevate his privileges.
Severity: 2/4.
Identifiers: CERTA-2009-AVI-220, CVE-2009-1123.

Vulnerability : Windows Kernel Pointer Validation - CVE-2009-1124

An attacker can pass invalid pointers to the kernel in order to elevate his privileges.
Severity: 2/4.
Identifiers: BID-35238, CVE-2009-1124.

Vulnerability : Windows Driver Class Registration - CVE-2009-1125

An attacker can pass an invalid parameter to the driver registration method, in order to elevate his privileges.
Severity: 2/4.
Identifiers: BID-35240, CVE-2009-1125.

Vulnerability : Windows Desktop Parameter Edit - CVE-2009-1126

An attacker can pass an invalid parameter to a method to modify an object of the Desktop, in order to elevate his privileges.
Severity: 2/4.
Identifiers: CVE-2009-1126.

Computer vulnerabilities tracking service

Vigil@nce provides a system vulnerability patch. The technology watch team tracks security threats targeting the computer system. The Vigil@nce vulnerability database contains several thousand vulnerabilities. The Vigil@nce computer vulnerability tracking service alerts your teams of vulnerabilities or threats impacting your information system.



















Copyright 1999-2012 Vigil@nce. Vigil@nce is a service from Orange Business Services. Site map. Legal notice. Version française