Security News -  Security Reviews -   Exploits -  Tools -  UNIX Focus -  Windows Focus
SecuriTeam™  Beyond Security®  SecuriTeam™ Home  Ask the Team  Mailing Lists  Advertising Info  Blogs SecuriTeam™ in Your Inbox   E-mail this CVE-2010-0484 to a friend New vulnerability? New tool? Tell us	CVE-2010-0484 Microsoft Windows Kernel GetDCEx() Memory Corruption Vulnerability     Credit: The information has been provided by Sebastien Renaud. The original article can be found at: http://seclists.org/bugtraq/2010/Jun/116 Website Security Scan Code Vulnerability Test Network Assessment Tool Detect hidden vulnerabilities Exhaustive automated testing Real-time, continuous security Get guidance from professionals of internal or 3rd party code. scanning for your entire network    CVE-2010-0484 Details Check for CVE-2010-0484 Vulnerability Assessment and Management. Automated Pen Testing for 50 to 50,000 nodes beyondsecurity.com/vulnerability-scanner Vulnerable Systems:  * Microsoft Windows Vista Service Pack 2  * Microsoft Windows Vista x64 Edition Service Pack 2  * Microsoft Windows XP Service Pack 3  * Microsoft Windows XP Professional x64 Edition Service Pack 2  * Microsoft Windows Server 2008 (32-bit) Service Pack 2  * Microsoft Windows Server 2008 (x64) Service Pack 2  * Microsoft Windows Server 2008 (Itanium) Service Pack 2  * Microsoft Windows Server 2003 Service Pack 2  * Microsoft Windows Server 2003 SP2 (Itanium)  * Microsoft Windows Server 2003 x64 Edition Service Pack 2  * Microsoft Windows 2000 Service Pack 4 The vulnerability is caused by a memory corruption within the kernel-mode device driver "Win32k.sys" when handling Device Contexts (DC) via the "GetDCEx()" function, which could be exploited by local attackers to gain ring0 privileges via a specially crafted application. Patch Availability: Apply MS10-032 security update: http://www.microsoft.com/technet/security/bulletin/ms10-032.mspx CVE Information: CVE-2010-0484 Disclosure Timeline: 2009-11-25 - Vendor notified 2009-11-25 - Vendor response 2010-06-08 - Coordinated public Disclosure  Comments on CVE-2010-0484:  Add new comment:  Subject:  Name/Nick/Email:          Chars Left:	All Sections Security News Unix focus Exploits Tools Windows focus Security Reviews
	Security News - Security Reviews - Exploits - Tools - UNIX Focus - Windows Focus

Copyright © 1998-2010 Beyond Security® All rights reserved.
Terms of Use Site Privacy Statement.
SecuriTeam™ is a trademark of Beyond Security®