OSVDB ID: 66990

Title: Microsoft Windows Kernel Object ACL Validation SeObjectCreateSaclAccessBits() Local DoS

Info

Disclosure

Aug 11, 2010

Discovery

Unknown

Dates

Exploit

Unknown

Solution

Aug 10, 2010

Description

Microsoft Windows contains a flaw that may allow a local authenticated denial of service. The issue is triggered when the kernel fails to properly validate access control lists in the 'SeObjectCreateSaclAccessBits()' function on kernel objects, and will result in loss of availability for the platform.

Classification

Location: Local Access Required
Attack Type: Denial of Service
Impact: Loss of Availability
Solution: Patch / RCS
Exploit: Exploit Private
Disclosure: Vendor Verified
OSVDB: Authentication Required

Solution

Currently, there are no known workarounds or upgrades to correct this issue. However, Microsoft has released a patch to address this vulnerability. Check the vendor advisory or solution in the references section.

Products

Microsoft Corporation	Windows Vista	SP1
		SP2
		x64 Edition SP1
		x64 Edition SP2
	Windows Server 2008	SP2
		for Itanium-based Systems
		SP0
		for Itanium-based Systems SP2
	Windows Server 2008 R2	for Itanium-based Systems
	Windows Server 2008 R2	for x64-based Systems
	Windows 7	SP0

References

CVE ID: 2010-1890 (see also: NVD)
Secunia Advisory ID: 40871
Related OSVDB ID: 66988 66989
Microsoft Knowledge Base Article: 981852
Microsoft Security Bulletin: MS10-047

Credit

Unknown or Incomplete

Direct URL: http://osvdb.org/66990

Info

Disclosure

Discovery

Dates

Exploit

Solution

Description

Classification

Solution

Products

Microsoft Corporation

Windows Vista

Windows Server 2008

Windows Server 2008 R2

Windows 7

References

Credit