Orange Business Services
Vigil@nce Vigil@nce Vigil@nce
we track for your security since 1999
 home presentation vulnerabilities documentation contact  
subscriber area subscriber area
free access free access
Vigil@nce team describes computer vulnerabilities impacting your systems, and offers solutions to correct them.
recent vulnerabilities recent vulnerabilities
tracked products tracked products
RSS feed RSS feed
vulnerability

vulnerability bulletin CVE-2010-0484 CVE-2010-0485 CVE-2010-1255

Windows: privilege elevation via win32k.sys

Synthesis of the vulnerability

A local attacker can use three vulnerabilities of the win32k.sys driver, in order to elevate his privileges.
Severity: 2/4.
Creation date: 09/06/2010.

Description of the vulnerability

The win2k.sys driver implements in particular the management for windows, the keyboard and the screen. It is impacted by three vulnerabilities.

A local attacker can change certain kernel objects via GetDCEx(), in order to corrupt the memory. [severity:2/4; BID-40508, CVE-2010-0484, >]

A local attacker can create windows with malicious parameters, in order to corrupt the memory. [severity:2/4; BID-40569, CVE-2010-0485, >]

A local attacker can use a TrueType font, with a malicious outline, in order to corrupt the memory. [severity:2/4; BID-40570, CVE-2010-1255, >]

A local attacker can therefore use three vulnerabilities of the win32k.sys driver, in order to elevate his privileges.

Complete Vigil@nce bulletin

Access to the complete Vigil@nce bulletin

Characteristics

Title: Windows: privilege elevation via win32k.sys.
Keywords: GetDCEx TrueType Windows elevation privilege win2k win32k.
Identifiers: 979559, BID-40508, BID-40569, BID-40570, CVE-2010-0484, CVE-2010-0485, CVE-2010-1255, MS10-032, VIGILANCE-VUL-9688.
Pointed by: VIGILANCE-VUL-9720.

Information sources

Publications and announces
Source example: MS10-032 - Vulnerabilities in Windows Kernel-Mode Drivers Could Allow Elevation of Privilege (979559)

Solutions for this vulnerability

Patch or workaround

Supplements

Vulnerability : Win32k Improper Data Validation Vulnerability - CVE-2010-0484

A local attacker can change certain kernel objects via GetDCEx(), in order to corrupt the memory.
Severity: 2/4.
Identifiers: BID-40508, CVE-2010-0484.
Publications and announces

Vulnerability : Win32k Window Creation Vulnerability - CVE-2010-0485

A local attacker can create windows with malicious parameters, in order to corrupt the memory.
Severity: 2/4.
Identifiers: BID-40569, CVE-2010-0485.

Vulnerability : Win32k TrueType Font Parsing Vulnerability - CVE-2010-1255

A local attacker can use a TrueType font, with a malicious outline, in order to corrupt the memory.
Severity: 2/4.
Identifiers: BID-40570, CVE-2010-1255.

Computer vulnerabilities tracking service

The Vigil@nce computer vulnerability tracking service alerts your teams of vulnerabilities or threats impacting your information system.
The Vigil@nce vulnerability database contains several thousand vulnerabilities.
This bulletin is published by the Vigil@nce team, which tracks computer vulnerabilities impacting systems and applications.
Computer vulnerabilities tracking service



















France Télécom Copyright 1999-2010 Vigil@nce. Vigil@nce is a service from Orange Business Services. Site map. Legal notice. Version française