Skip to main content

Microsoft Windows Kernel-Mode Drivers Multiple Vulnerabilities ( 09 June 2010 )

Last Update Date: 28 Jan 2011 Release Date: 9 Jun 2010 5177 Views

RISK: Medium Risk

1. Win32k Improper Data Validation Vulnerability

An elevation of privilege vulnerability exists because the Windows kernel-mode drivers do not properly validate changes in certain kernel objects. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.

2. Win32k Window Creation Vulnerability

An elevation of privilege vulnerability exists because Windows kernel-mode drivers do not properly validate all parameters when creating a new window. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.

3. Win32k TrueType Font Parsing Vulnerability

An elevation of privilege vulnerability exists due to the way that the operating system provides font-related information to applications. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.