Microsoft Windows Server 2 0 0 3 SP2 - Privilege Escalation-vulnerability warning-the black bar safety net

2015-02-01T00:00:00
ID MYHACK58:62201558625
Type myhack58
Reporter 佚名
Modified 2015-02-01T00:00:00

Description

KL-0 0 1-2 0 1 5-0 0 1 : Microsoft Windows Server 2 0 0 3 SP2 Arbitrary Write Privilege Escalation

Title: Microsoft Windows Server 2 0 0 3 SP2 Arbitrary Write Privilege Escalation Advisory ID: KL-0 0 1-2 0 1 5-0 0 1 Publication Date: 2015.01.28 Publication URL: https://www.korelogic.com/Resources/Advisories/KL-001-2015-001.txt

1. Vulnerability Details

Affected Vendor: Microsoft Affected Product: TCP/IP Protocol Driver Affected Version: 5.2.3790.4573 Platform: Microsoft Windows Server 2 0 0 3 Service Pack 2 Architecture: x86, x64, Itanium Impact: Privilege Escalation Attack vector: IOCTL CVE-ID: CVE-2 0 1 4-4 0 7 6

2. Vulnerability Description

The tcpip.sys driver fails to sufficiently validate memory objects used during the processing of a user-provided IOCTL.

[1] [2] [3] [4] [5] [6] [7] [8] [9] [1 0] [1 1] [1 2] [[1 3]] (<58625_13.htm>) [1 4] [1 5] [1 6] [1 7] [1 8] next