Microsoft Windows Win32k.sys Driver 'CreateDIBPalette()' BOF Vulnerability Network Vulnerability

Summary

This host is prone to buffer ovreflow vulnerability.

Impact

Successful exploitation will allow attackers to crash an affected system or potentially execute arbitrary code with kernel privileges. Impact Level: System

Solution

Apply the latest updates from the below link. http://www.microsoft.com/en/us/default.aspx

Insight

The flaw is due to a buffer overflow error in the 'CreateDIBPalette()' function within the kernel-mode device driver 'Win32k.sys', when using the 'biClrUsed' member value of a 'BITMAPINFOHEADER' structure as a counter while retrieving Bitmap data from the clipboard.

Affected

Microsoft Windows 7 Microsoft Windows XP SP3 and prior. Microsoft Windows Vista SP 2 and prior. Microsoft Windows Server 2008 SP 2 and prior. Microsoft Windows Server 2003 SP 2 and prior.

References

http://secunia.com/advisories/40870
http://www.ragestorm.net/blogs/?p=255
http://www.vupen.com/english/advisories/2010/2029

Updated on 2015-03-25

Severity

Classification

CVE CVE-2010-2739
CVSS Base Score: 7.2
AV:L/AC:L/Au:N/C:C/I:C/A:C

Related Vulnerabilities

Microsoft Office Excel Axis and Art Object Parsing Remote Code Execution Vulnerabilities
Microsoft Windows Indeo Codec Multiple Vulnerabilities
Update to Improve Credentials Protection and Management (2871997)
Microsoft PowerPoint 2007 OfficeArt Atom Remote Code Execution Vulnerability
scan for UPNP hosts

Microsoft Windows win32k.sys Driver 'CreateDIBPalette()' BOF Vulnerability

Take action and discover your vulnerabilities