CVE-2010-4398 – Microsoft Windows Kernel Stack-Based Buffer Overflow Vulnerability
https://notcve.org/view.php?id=CVE-2010-4398
Stack-based buffer overflow in the RtlQueryRegistryValues function in win32k.sys in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 allows local users to gain privileges, and bypass the User Account Control (UAC) feature, via a crafted REG_BINARY value for a SystemDefaultEUDCFont registry key, aka "Driver Improper Interaction with Windows Kernel Vulnerability."
Weakness: CWE-787: Out-of-bounds Write
References:
storyid=9988
http://nakedsecurity.sophos.com/2010/11/25/new-windows-zero-day-flaw-bypasses-uac
http://secunia.com/advisories/42356
http://support.avaya.com/css/P8/documents/100127248
http://twitter.com/msftsecresponse/statuses/7590788200402945
http://www.exploit-db.com/bypassing-uac-with-user-privilege-under-windows-vista7-mirror
http://www.exploit-db.com/exploits/15609
http://www.kb.cert.org/vuls/id/529673
http://www.securityfocus.com/bid/45045
http://www.securitytracker.com
CVE-2010-2739 – Microsoft Windows - 'win32k.sys' Driver 'CreateDIBPalette()' Local Buffer Overflow
https://notcve.org/view.php?id=CVE-2010-2739
Buffer overflow in the CreateDIBPalette function in win32k.sys in Microsoft Windows XP SP3, Server 2003 R2 Enterprise SP2, Vista Business SP1, Windows 7, and Server 2008 SP2 allows local users to cause a denial of service (crash) and possibly execute arbitrary code by performing a clipboard operation (GetClipboardData API function) with a crafted bitmap with a palette that contains a large number of colors.
Weakness: CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer
References:
https://www.exploit-db.com/exploits/14566
http://blogs.technet.com/b/msrc/archive/2010/08/10/update-on-the-publicly-disclosed-win32k-sys-eop-vulnerability.aspx
http://secunia.com/advisories/40870
http://www.ragestorm.net/blogs/?p=255
http://www.vupen.com/english/advisories/2010/2029
https://msrc.microsoft.com/blog/2010/08/update-on-the-publicly-disclosed-win32k-sys-eop-vulnerability
CVE-2010-1897 – Microsoft Windows - CreateWindow Function Callback (MS10-048)
https://notcve.org/view.php?id=CVE-2010-1897
The Windows kernel-mode drivers in win32k.sys in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 do not properly validate pseudo-handle values in callback parameters during window creation, which allows local users to gain privileges via a crafted application, aka "Win32k Window Creation Vulnerability."
Weakness: CWE-20: Improper Input Validation
References:
https://www.exploit-db.com/exploits/14608
http://www.us-cert.gov/cas/techalerts/TA10-222A.html
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-048
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11663
CVE-2008-7211 – Creative Ensoniq PCI ES1371 WDM Driver 5.1.3612 - Local Privilege Escalation
https://notcve.org/view.php?id=CVE-2008-7211
CreativeLabs es1371mp.sys 5.1.3612.0 WDM audio driver, as used in Ensoniq PCI 1371 sound cards and when running on Windows Vista, does not create a Functional Device Object (FDO) to prevent user-mode access to the Physical Device Object (PDO), which allows local users to gain SYSTEM privileges via a crafted IRP request that dereferences a NULL FsContext pointer.
References:
https://www.exploit-db.com/exploits/30999
http://www.reversemode.com/index.php?option=com_remository&Itemid=2&func=fileinfo&id=54
http://www.securityfocus.com/archive/1/485848/100/200/threaded
http://www.securityfocus.com/bid/27179
CVE-2008-3464 – Microsoft Windows XP/2003 - 'afd.sys' Local Privilege Escalation (K-plugin) (MS08-066)
https://notcve.org/view.php?id=CVE-2008-3464
afd.sys in the Ancillary Function Driver (AFD) component in Microsoft Windows XP SP2 and SP3 and Windows Server 2003 SP1 and SP2 does not properly validate input sent from user mode to the kernel, which allows local users to gain privileges via a crafted application, as demonstrated using crafted pointers and lengths that bypass intended ProbeForRead and ProbeForWrite restrictions, aka "AFD Kernel Overwrite Vulnerability."
Weakness: CWE-264: Permissions, Privileges, and Access Controls
References:
https://www.exploit-db.com/exploits/6757
http://blogs.technet.com/swi/archive/2008/10/14/ms08-066-how-to-correctly-validate-and-capture-user-mode-data.aspx
http://marc.info/?l=bugtraq&m=122479227205998&w=2
http://secunia.com/advisories/32261
http://www.securityfocus.com/archive/1/497375/100/0/threaded
http://www.securityfocus.com/bid/31673
http://www.securitytracker.com/id?1021053
http://www.us-cert.gov/cas/techalerts/TA08-288A.html
http://www.vupen.com/english/