Windows GDI Privilege Elevation

2009-05-25T00:00:00
ID SAINT:2E9567F8A64B2B21D9641C36E3ACBF8F
Type saint
Reporter SAINT Corporation
Modified 2009-05-25T00:00:00

Description

Added: 05/25/2009
CVE: CVE-2006-5758
BID: 20940
OSVDB: 30214

Background

The Graphics Rendering Engine in Microsoft Windows 2000 and Windows XP maps GDI Kernel structures on a global shared memory section that is created with insecure permissions.

Problem

Users with local access can remap the shared section, and overwrite kernel structures in a controlled manner leading to the execution of code with SYSTEM level privileges.

Resolution

Apply the patch referenced in Microsoft Security Bulletin 07-017.

References

<http://www.microsoft.com/technet/security/Bulletin/MS07-017.mspx>
<http://projects.info-pull.com/mokb/MOKB-06-11-2006.html>

Limitations

A current connection must exist with the target.

This exploit will elevate the priviliges of the current connection to SYSTEM.

Platforms

Windows 2000 / Windows XP