=====================================================================
                                   CERT-Renater

                        Note d'Information No. 2010/VULN291
_____________________________________________________________________

DATE                      : 11/08/2010

HARDWARE PLATFORM(S)      : /

OPERATING SYSTEM(S)       : Windows XP, Windows Server 2003, Windows Vista,
                             Windows Server 2008, Windows 7.

======================================================================
KB2160329
http://www.adobe.com/support/security/bulletins/apsb10-16.html
______________________________________________________________________

Microsoft Security Bulletin MS10-048 - Important
Vulnerabilities in Windows Kernel-Mode Drivers Could Allow Elevation of
Privilege (2160329)

Version: 1.0

General Information

Executive Summary

  This security update resolves one publicly disclosed and four privately
  reported vulnerabilities in the Windows kernel-mode drivers. The most severe
  of these vulnerabilities could allow elevation of privilege if an attacker
  logs on to an affected system and runs a specially crafted application. An
  attacker must have valid logon credentials and be able to log on locally to
  exploit this vulnerability. The vulnerability could not be exploited
  remotely or by anonymous users.

  This security update is rated Important for all supported editions of
  Microsoft Windows. For more information, see the subsection, Affected and
  Non-Affected Software, in this section.

  The security update addresses the vulnerabilities by correcting the manner
  in which Windows kernel-mode drivers handle exceptions, allocate memory,
  and validate system call arguments, user-mode input, and new window callback
  parameters. For more information about the vulnerabilities, see the
  Frequently Asked Questions (FAQ) subsection for the specific vulnerability
  entry under the next section, Vulnerability Information.

Affected Software

  Windows XP Service Pack 3
  Windows XP Professional x64 Edition Service Pack 2
  Windows Server 2003 Service Pack 2
  Windows Server 2003 x64 Edition Service Pack 2
  Windows Server 2003 with SP2 for Itanium-based Systems
  Windows Vista Service Pack 1 and Windows Vista Service Pack 2
  Windows Vista x64 Edition Service Pack 1 and Windows Vista x64 Edition
    Service Pack 2
  Windows Server 2008 for 32-bit Systems and Windows Server 2008 for 32-bit
    Systems Service Pack 2*
  Windows Server 2008 for x64-based Systems and Windows Server 2008 for
    x64-based Systems Service Pack 2*
  Windows Server 2008 for Itanium-based Systems and Windows Server 2008 for
    Itanium-based Systems Service Pack 2
  Windows 7 for 32-bit Systems
  Windows 7 for x64-based Systems
  Windows Server 2008 R2 for x64-based Systems*
  Windows Server 2008 R2 for Itanium-based Systems

Vulnerability Information

Win32k Bounds Checking Vulnerability - CVE-2010-1887

  A denial of service vulnerability exists in the Windows kernel-mode drivers
  due to the improper validation of an argument passed to a system call. An
  attacker could exploit the vulnerability by running a specially crafted
  application causing the system to become unresponsive and automatically
  restart.

Win32k Exception Handling Vulnerability - CVE-2010-1894

  An elevation of privilege vulnerability exists due to the way the Windows
  kernel-mode drivers handle certain exceptions. An attacker who successfully
  exploited this vulnerability could run arbitrary code in kernel mode. An
  attacker could then install programs; view, change, or delete data; or
  create new accounts with full user rights.

Win32k Pool Overflow Vulnerability - CVE-2010-1895

  An elevation of privilege vulnerability exists because the Windows
  kernel-mode drivers do not properly allocate memory when making a copy from
  user mode. An attacker who successfully exploited this vulnerability could
  run arbitrary code in kernel mode. An attacker could then install programs;
  view, change, or delete data; or create new accounts with full user rights.

Win32k User Input Validation Vulnerability - CVE-2010-1896

  An elevation of privilege vulnerability exists in Windows kernel-mode
  drivers due to improper validation of input passed from user mode. An attacker
  who successfully exploited this vulnerability could run arbitrary code in kernel
  mode. An attacker could then install programs; view, change, or delete data; or
  create new accounts with full user rights.

Win32k Window Creation Vulnerability - CVE-2010-1897

  An elevation of privilege vulnerability exists because Windows kernel-mode
  drivers do not properly validate all parameters when creating a new window. An
  attacker who successfully exploited this vulnerability could run arbitrary code
  in kernel mode. An attacker could then install programs; view, change, or delete
  data; or create new accounts with full user rights.

======================================================================

          =========================================================
          Les serveurs de référence du CERT-Renater
          http://www.urec.fr/securite
          http://www.cru.fr/securite
          http://www.renater.fr
          =========================================================
          + CERT-RENATER          | tel : 01-53-94-20-44          +
          + 151 bd de l'Hopital   | fax : 01-53-94-20-41          +
          + 75013 Paris           | email: certsvp@renater.fr     +
          =========================================================