Microsoft Windows Win32k.sys Driver 'CreateDIBPalette()' BOF Vulnerability Network Vulnerability

Summary

This host is prone to buffer ovreflow vulnerability.

Impact

Successful exploitation will allow attackers to crash an affected system or potentially execute arbitrary code with kernel privileges. Impact Level: System

Solution

Apply the latest updates from the below link. http://www.microsoft.com/en/us/default.aspx

Insight

The flaw is due to a buffer overflow error in the 'CreateDIBPalette()' function within the kernel-mode device driver 'Win32k.sys', when using the 'biClrUsed' member value of a 'BITMAPINFOHEADER' structure as a counter while retrieving Bitmap data from the clipboard.

Affected

Microsoft Windows 7 Microsoft Windows XP SP3 and prior. Microsoft Windows Vista SP 2 and prior. Microsoft Windows Server 2008 SP 2 and prior. Microsoft Windows Server 2003 SP 2 and prior.

References

http://secunia.com/advisories/40870
http://www.ragestorm.net/blogs/?p=255
http://www.vupen.com/english/advisories/2010/2029

Updated on 2015-03-25

Severity

Classification

CVE CVE-2010-2739

CVSS	Base Score: 7.2 AV:L/AC:L/Au:N/C:C/I:C/A:C

Related Vulnerabilities

The remote host is infected by a virus
Microsoft Windows SMB/NETBIOS NULL Session Authentication Bypass Vulnerability
Microsoft RPC Interface Buffer Overrun (KB824146)
Symantec Anti Virus Corporate Edition Check
Microsoft Office Excel Axis and Art Object Parsing Remote Code Execution Vulnerabilities

Microsoft Windows win32k.sys Driver 'CreateDIBPalette()' BOF Vulnerability

Take action and discover your vulnerabilities