Lucene search
Marcin WiazowskiZDI-18-245HistoryMar 19, 2018 - 12:00 a.m.
Microsoft Windows Palette Object Race Condition Information Disclosure Vulnerability
2018-03-1900:00:00
Marcin Wiazowski
www.zerodayinitiative.com
12
0.008 Low
EPSS
Percentile
81.9%
This vulnerability allows local attackers to disclose sensitive information on vulnerable installations of Microsoft Windows. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the win32k.sys driver. During creation of a palette object, a race condition exists due to the failure to lock an object in memory between operations. An attacker can leverage this vulnerability to disclose sensitive information under the context of the kernel.
Related
zdi
zdi
symantec
symantec
mscve
mscve
Windows GDI Elevation of Privilege Vulnerability
2018-03-13 07:00:00
nvd
nvd
cve
cve
cvelist
cvelist
prion
prion
Privilege escalation
2018-03-14 17:29:00
Privilege escalation
2018-03-14 17:29:00
Privilege escalation
2018-03-14 17:29:00
mskb
mskb
Description of the security update for vulnerabilities in Windows Server 2008 and WES09 and POSReady 2009: March 13, 2018
2018-03-13 07:00:00
March 13, 2018âKB4088878 (Security-only update)
2018-03-13 07:00:00
March 13, 2018âKB4088875 (Monthly Rollup)
2018-04-06 07:00:00
nessus
nessus
Security Updates for Windows Server 2008 (March 2018)
2018-03-13 00:00:00
kaspersky
kaspersky
KLA11778 Multiple vulnerabilities in Microsoft Products (ESU)
2018-03-13 00:00:00
openvas
openvas
Microsoft Windows Multiple Vulnerabilities (KB4088875)
2018-03-14 00:00:00
talosblog
talosblog
Microsoft Patch Tuesday - March 2018
2018-03-13 14:38:00
trendmicroblog
trendmicroblog