OSVDB ID: 66934

Title: Microsoft Windows win32k.sys CreateDIBPalette() Function Local Overflow

Info

Disclosure

Aug 06, 2010

Discovery

Unknown

Dates

Exploit

Unknown

Solution

Unknown

Description

Microsoft Windows is prone to an overflow condition. The 'CreateDIBPalette()' function in win32k.sys fails to properly sanitize user-supplied input resulting in a buffer overflow. By performing a clipboard operation with a crafted bitmap file containing a greater than 256 'biClrUsed' value of a 'BITMAPINFOHEADER', a local, context-dependent attacker can potentially execute arbitrary code.

Classification

Location: Local Access Required, Context Dependent
Attack Type: Input Manipulation
Impact: Loss of Integrity
Solution: Solution Unknown
Exploit: Exploit Public
Disclosure: Vendor Verified

Solution

OSVDB is not aware of a solution for this vulnerability.

Products

Microsoft Corporation

Windows XP

SP3

Windows Vista

SP1

Windows 7

All Versions

References

Credit

Unknown or Incomplete



Direct URL: http://osvdb.org/66934