OSVDB ID: 66934

Title: Microsoft Windows win32k.sys CreateDIBPalette() Function Local Overflow

Info

Disclosure

Aug 06, 2010

Discovery

Unknown

Dates

Exploit

Unknown

Solution

Unknown

Description

Microsoft Windows is prone to an overflow condition. The 'CreateDIBPalette()' function in win32k.sys fails to properly sanitize user-supplied input resulting in a buffer overflow. By performing a clipboard operation with a crafted bitmap file containing a greater than 256 'biClrUsed' value of a 'BITMAPINFOHEADER', a local, context-dependent attacker can potentially execute arbitrary code.

Classification

Location: Local Access Required, Context Dependent
Attack Type: Input Manipulation
Impact: Loss of Integrity
Solution: Solution Unknown
Exploit: Exploit Public
Disclosure: Vendor Verified

Solution

OSVDB is not aware of a solution for this vulnerability.

Products

Microsoft Corporation	Windows XP	SP3
	Windows Server	2003 R2 Enterprise SP2
	Windows Server	2008 SP2
	Windows Vista	SP1
	Windows 7	All Versions

References

Exploit Database: 14566
CVE ID: 2010-2739 (see also: NVD)
Secunia Advisory ID: 40870
SCIP VulDB ID: 4158
VUPEN Advisory: ADV-2010-2029
Vendor Specific News/Changelog Entry: http://blogs.technet.com/b/msrc/archive/2010/08/10/update-on-the-publicly-disclosed-win32k-sys-eop-vulnerability.aspx
Other Advisory URL: http://www.ragestorm.net/blogs/?p=255

Credit

Unknown or Incomplete

Direct URL: http://osvdb.org/66934

Info

Disclosure

Discovery

Dates

Exploit

Solution

Description

Classification

Solution

Products

Microsoft Corporation

Windows XP

Windows Server

Windows Vista

Windows 7

References

Credit