Secunia Advisory SA38265

Microsoft Windows Two Privilege Escalation Vulnerabilities
Release Date 2010-01-20
Last Update 2010-02-10
   

Criticality level Less critical
Impact Privilege escalation
Where Local system
Solution Status Vendor Patch
   
   
Remediation status Secunia CSI, Secunia PSI
Automated scanning Secunia CSI, Secunia PSI
   
Operating System
Microsoft Windows 2000 Advanced Server
Microsoft Windows 2000 Datacenter Server
Microsoft Windows 2000 Professional
Microsoft Windows 2000 Server
Microsoft Windows 7
Microsoft Windows Server 2003 Datacenter Edition
Microsoft Windows Server 2003 Enterprise Edition
Microsoft Windows Server 2003 Standard Edition
Microsoft Windows Server 2003 Web Edition
Microsoft Windows Server 2008
Microsoft Windows Storage Server 2003
Microsoft Windows Vista
Microsoft Windows XP Home Edition
Microsoft Windows XP Professional

CVE Reference(s) CVE-2010-0232, CVE-2010-0233
  

Description
Two vulnerabilities have been reported in Microsoft Windows, which can be exploited by malicious, local users to gain escalated privileges.

1) An error exists within the #GP trap handler (nt!KiTrap0D), which can be exploited to execute arbitrary code with kernel privileges.

NOTE: 64-bit Microsoft Windows operating systems and Windows Server 2008 R2 for x64- and Itanium-based systems are not affected.

2) An error exists due to the Windows kernel not correctly resetting a pointer when freeing memory, which can be exploited to trigger a double-free condition.

Successful exploitation of this vulnerability allows arbitrary code execution with system level privileges.

Solution
Apply patches.

Provided and/or discovered by
1) Tavis Ormandy
2) The vendor credits Tavis Ormandy, Google Inc.


Original Advisory
Tavis Ormandy:
http://archives.neohapsis.com/archives/fulldisclosure/2010-01/0346.html

Microsoft (KB979682):
http://www.microsoft.com/technet/security/advisory/979682.mspx

MS10-015 (KB977165):
http://www.microsoft.com/technet/security/Bulletin/MS10-015.mspx
