Microsoft Windows WmiTraceMessageVa Kernel Vulnerability

Security News - Security Reviews - Exploits - Tools - UNIX Focus - Windows Focus

Home
Ask the Team
Mailing Lists
Advertising Info
Advisories
About SecuriTeam
Blogs

Brought to you by:

Suppliers of:

SecuriTeam in Your Inbox

New vulnerability?
New tool?
Tell us
(Our PGP key).

Network Enabled

Discount: SecuriTeam5_SANS

Promo With Us

Subjects of Interest:
Vulnerability Management
SQL Injection
Buffer Overflows
Active Network Scanning
Fuzzing
Fuzzer Report
Network Security
Network Scanner
Pen Testing
Security Scanner
Scanner Review
Fuzzer Review
Web Scanner Review

This vulnerability allows local attackers to execute arbitrary code from the context of kernelspace on vulnerable installations of Microsoft Windows.

Credit:
The information has been provided by std_logics.
The original article can be found at: http://www.zerodayinitiative.com/advisories/ZDI-11-064/

Free Website Security Scan	Free Fuzzer Report	Vulnerability Assessment
Detect web app vulnerabilities	University study comparing the top	Accurate and automated scanning
Get guidance from professionals.	6 commercially availble fuzzers.	for networks of any size.

Protect your website!
Free Trial, Nothing to install.
No interruption of visitors.
www.beyondsecurity.com/vulnerability-scanner

Vulnerable Systems:
* Microsoft Windows XP

The ability to make a system call is required in order to exploit this vulnerability.

The specific flaw exists within the kernel's support for Trace Events. Due to a bad type conversion, the kernel will use a truncated length for allocating data from userspace. When populating this buffer the kernel will use a differing length causing a buffer overflow. This will cause memory corruption and can lead to code execution under the context of the kernel.

Patch Availability:
Microsoft has issued an update to correct this vulnerability. More details can be found at:
http://www.microsoft.com/technet/security/bulletin/ms11-011.mspx

CVE Information:
CVE-2011-0045

Disclosure Timeline:
2010-09-29 - Vulnerability reported to vendor
2011-02-08 - Coordinated public release of advisory

blog comments powered by Disqus

	Microsoft Windows Local Privilege Escalation Vulnerabilities
	Microsoft Office Use After Free Memory Corruption Vulnerabilities
	Microsoft Internet Explorer Execute Arbitrary Code Remote Memory Corruption Vulnerabilities
	Microsoft Internet Explorer Cross-Domain Information Disclosure Vulnerabilities
	Microsoft Windows TCP/IP Stack Privilege Escalation Vulnerabilities
	Microsoft Windows OLE Code Execution Vulnerabilities
	Microsoft Internet Explorer Cross-Domain Execute Arbitrary Code Vulnerabilities
	Microsoft SharePoint Server Privilege Escalation Vulnerabilities
	Microsoft Office Invalid Pointer Memory Corruption Vulnerabilities
	Microsoft Internet Explorer Privilege Escalation Vulnerabilities
	Microsoft Windows Kernel Mode Driver Denial Of Service Vulnerabilities
	Microsoft Secure Channel Code Execution Vulnerabilities
	Microsoft Internet Explorer Denial-Of-Service Memory Corruption Vulnerabilities
	Microsoft Internet Explorer Cross-Domain Obtain Sensitive Information Vulnerabilities
	Microsoft OLE Automation Array Code Execution Vulnerabilities
	Microsoft XML Core Services Remote Code Execution Vulnerabilities
	Microsoft Internet Explorer Cross-Domain Memory Corruption Vulnerabilities
	Microsoft Windows Kerberos Checksum Remote Privilege Escalation Vulnerabilities
	Microsoft Windows Audio Service Privilege Escalation Vulnerabilities
	Microsoft Input Method Editor (IME) For Japanese Remote Privilege Escalation Vulnerabilities

Featured Articles

	Microsoft Windows Graphics Component Remote Code Execution Vulnerabilities
	Microsoft Windows Local Remote Procedure Call (LRPC) Server Spoofing LPC Port Message Handling Local Stack Buffer Overflow Vulnerability
	Microsoft SharePoint Server Multiple Component Crafted Page Content Handling Remote Code Execution Vulnerability
	Microsoft Windows Win32k.sys RFONTOBJ bTextExtent Function Handling Local Integer Overflow DoS Vulnerability
	Microsoft Windows Kernel Memory Object Handling Race Condition Local Privilege Escalation (2013-1294) Vulnerability
	Microsoft Windows Win32k.sys Memory Object Handling Race Condition Local Privilege Escalation (2013-1283) Vulnerability
	Microsoft Visio Viewer Tree Object Type Confusion Visio File Handling Arbitrary Code Vulnerability
	Microsoft Office for Mac HTML5 Email Message Unspecified Content Tag Loading Information Disclosure Vulnerability
	Microsoft SharePoint Callback Function URL Handling Privilege Escalation Vulnerability
	Microsoft Windows USB Driver Memory Object Handling Local Privilege (2013-1287) Vulnerability
	Microsoft Windows USB Driver Memory Object Handling Local Privilege Escalation Vulnerability
	Microsoft Windows Kernel Memory Object Handling Local Privilege Escalation Vulnerability
	Microsoft Windows SSL/TSL Forced Downgrade MitM Weakness
	Microsoft Windows Memory Object Handling Local Memory Privilege Escalation Vulnerability
	Microsoft Windows Privilege Escalation Vulnerability
	Microsoft .NET Framework Serialization Remote Code Execution Vulnerability
	Microsoft Visio Viewer VSD File Format Remote Code Execution Vulnerability
	Microsoft .NET Framework Input Serialization CVE-2012-0160 Remote Code Execution Vulnerability
	Microsoft .NET Framework ASP.NET Forms Authentication Bypass Vulnerability
	'TrendMicro Control Manager CASProcessor.exe BLOB Code Execution Vulnerability'

Security News - Security Reviews - Exploits - Tools - UNIX Focus - Windows Focus - Blogs - CVEs