The Members Forum

Members Login
Username 
 
Password 
    Remember Me  
Post Info TOPIC: Windows 7 dinged by new zero-day vulnerability


Administrator / Manager

Status: Offline
Posts: 2499
Date:
Windows 7 dinged by new zero-day vulnerability
Permalink   


Microsoft’s Windows 7 operating system is vulnerable to a new zero-day vulnerability that exposes users to blue-screen crashes or code execution attacks.

The flaw, could be exploited by local attackers to cause a denial-of-service or potentially gain elevated privileges, according to an advisory from VUPEN, a French security research outfit.From VUPEN’s advisory:

This issue is caused by a buffer overflow error in the “CreateDIBPalette()” function within the kernel-mode device driver “Win32k.sys” when using the “biClrUsed” member value of a “BITMAPINFOHEADER” structure as a counter while retrieving Bitmap data from the clipboard, which could be exploited by malicious users to crash an affected system or potentially execute arbitrary code with kernel privileges.

The flaw is confirmed on fully patched Microsoft Windows 7, Windows Server 2008 SP2, Windows Server 2003 SP2, Windows Vista SP2, and Microsoft Windows XP SP3.

Microsoft is investigating.

ZDnet has the details HERE!



__________________

http://www.mycomputerplayground.com
http://www.digitaldrama.net
http://www.thisrules.net
Page 1 of 1  sorted by
 
Quick Reply

Please log in to post quick replies.

Tweet this page Post to Digg Post to Del.icio.us


Create your own FREE Forum
Report Abuse
Powered by ActiveBoard