SecurityTracker.com
Category:   OS (Microsoft)  >   Windows Kernel
Vendors:   Microsoft
Microsoft Windows Kernel GDI Data Structure Processing Bug Lets Local Users Gain Elevated Privileges
SecurityTracker Alert ID:  1017168
SecurityTracker URL:  http://securitytracker.com/id/1017168
CVE Reference:   CVE-2006-5758
Updated:  Apr 3 2007
Original Entry Date:  Nov 7 2006
Impact:   Denial of service via local system, Root access via local system
Fix Available:  Yes
Vendor Confirmed:  Yes
Exploit Included:  Yes
Version(s): 2000 SP4, XP SP2; and prior service packs
Description:   A vulnerability was reported in the Windows 2000 and XP kernels. A local user can gain kernel-level privileges.

A local user can remap read-only GDI kernel data structures as read-write and then overwrite them, causing arbitrary code to be executed on the target system with kernel-level privileges.

The vulnerability resides in the Windows Graphics Rendering Engine when processing WMF and EMF file types.

A local user can also exploit this flaw to cause the target system to crash.

The vendor was notified on October 22, 2004.

The original advisory is available at:

http://projects.info-pull.com/mokb/MOKB-06-11-2006.html

A demonstration exploit is available at:

http://projects.info-pull.com/mokb/bug-files/GDIKernelPoC.cpp

Cesar Cerrudo discovered this vulnerability.

Impact:   A local user can obtain kernel-level privileges on the target system or cause denial of service conditions on the target system.
Solution:   The vendor has issued the following fixes:

Microsoft Windows 2000 Service Pack 4:

http://www.microsoft.com/downloads/details.aspx?FamilyId=92F20599-3E7B-4217-91E6-FDCFB4C56856

Microsoft Windows XP Service Pack 2:

http://www.microsoft.com/downloads/details.aspx?FamilyId=F82EA184-945F-4B78-9463-10AC20A75020

Microsoft Windows XP Professional x64 Edition and Microsoft Windows XP Professional x64 Edition Service Pack 2:

http://www.microsoft.com/downloads/details.aspx?FamilyId=EA5E1B87-4DB5-4B1A-891E-29C6BD6C0184

A restart is required.

The Microsoft advisory is available at:

http://www.microsoft.com/technet/security/bulletin/ms07-017.mspx

Vendor URL:  www.microsoft.com/technet/security/Bulletin/MS07-017.mspx
Cause:   Access control error, State error

Message History:   None.

