| Vigil@nce team describes computer vulnerabilities impacting your systems, and offers solutions to correct them. |
|
 |
|
|
|
vulnerability bulletin CVE-2010-0232
Windows: privilege elevation via NtVdm
Synthesis of the vulnerability
| A local attacker, on a x86 processor, can use the 16 bit compatibility system, in order to elevate his privileges. |
Severity: 2/4.
Creation date: 20/01/2010.
|
Description of the vulnerability
Windows NT/2000/XP/2003/2008/Vista/7 can run 16 bit programs, created for MS-DOS and Windows 3.1, with NtVdm.exe (NT Virtual Dos Machine) and the Virtual-8086 mode of the processor.
When a 16 bit application calls a legacy BIOS service, the GP trap handler (nt!KiTrap0D) modifies the execution context (installed by NtVdmControl), and restores it later. However, a local attacker can modify this context, in order to execute code with kernel privileges.
A local attacker, on a x86 processor, can therefore use the 16 bit compatibility system, in order to elevate his privileges. |
Complete Vigil@nce bulletin
Characteristics
Title: Windows: privilege elevation via NtVdm.
Keywords: 2000 2003 2008 BIOS Dos KiTrap0D MS-DOS Machine NtVdm NtVdmControl Virtual Virtual-8086 Vista Windows elevation privilege x86.
Identifiers: 977165, 979682, BID-37864, CVE-2010-0232, MS10-015, VIGILANCE-VUL-9363.
|
Information sources
Solutions for this vulnerability
Supplements
Computer vulnerabilities tracking service
The Vigil@nce computer vulnerability tracking service alerts your teams of vulnerabilities or threats impacting your information system.
The Vigil@nce vulnerability database contains several thousand vulnerabilities.
This bulletin is published by the Vigil@nce team, which tracks computer vulnerabilities impacting systems and applications.
Computer vulnerability bulletins
|
