CVE-2010-2549
Published: 2010-07-02
Priority: P337, high, 7.2 (CVSS 2.0)
CVSS vector: AV:L/AC:L/Au:N/C:C/I:C/A:C
EXPLOIT
EPSS: 5.15% (91.4th percentile)
Use-after-free vulnerability in the kernel-mode drivers in Microsoft Windows Vista SP1 and SP2 and Server 2008 Gold and SP2 allows local users to gain privileges or cause a denial of service (system crash) by using a large number of calls to the NtUserCheckAccessForIntegrityLevel function to trigger a failure in the LockProcessByClientId function, leading to deletion of an in-use process object, aka "Win32k Reference Count Vulnerability."
No detection rules found.
Exploit-DB
ProShow Gold 4.0.2549 - '.psh' Local Stack Buffer Overflow (Metasploit)
exploitdb·2010-09-25
CVE-2009-3214 ProShow Gold 4.0.2549 - '.psh' Local Stack Buffer Overflow (Metasploit)
---
##
# $Id: proshow_cellimage_bof.rb 10477 2010-09-25 11:59:02Z mc $
##
##
# This file is part of the Metasploit Framework and may be subject to
# redistribution and commercial restrictions. Please see the Metasploit
# Framework web site for more information on licensing and terms of use.
# http://metasploit.com/framework/
##
require 'msf/core'
class Metasploit3 'ProShow Gold v4.0.2549 (PSH File) Stack Buffer Overflow',
'Description' => %q{
This module exploits a stack-based buffer overflow in ProShow Gold v4.0.2549.
An attacker must send the file to victim and the victim must open the file.
},
'License' => MSF_LICENSE,
'Author' => [ 'jduck' ],
'Version' => '$Revision: 10477 $',
'References' =>
[
[ 'CVE', '2009-
Exploit-DB
Microsoft Windows Vista/2008 - NtUserCheckAccessForIntegrityLevel Use-After-Free
exploitdb·2010-07-01
CVE-2010-2549 Microsoft Windows Vista/2008 - NtUserCheckAccessForIntegrityLevel Use-After-Free
---
Windows Vista/Server 2008 NtUserCheckAccessForIntegrityLevel Use-after-free Vulnerability
Intro:
Due to hostility toward security researchers, the most recent example being of Tavis Ormandy, a number of us from the industry (and some not from the industry) have come together to form MSRC: the Microsoft-Spurned Researcher Collective. MSRC will fully disclose vulnerability information discovered in our free time, free from retaliation against us or any inferred employer.
Vulnerability report:
win32k!NtUserCheckAccessForIntegrityLevel in Vista/Server 2008 calls LockProcessByClientId() on the specified ClientID. When this call fails, the refcount will be first decremented by nt!ObfDereferenceObject and t
No writeups or analysis indexed.
http://osvdb.org/66003
http://seclists.org/fulldisclosure/2010/Jul/3
http://secunia.com/advisories/40421
http://www.exploit-db.com/exploits/14156
http://www.securityfocus.com/bid/41280
http://www.us-cert.gov/cas/techalerts/TA10-285A.html
https://exchange.xforce.ibmcloud.com/vulnerabilities/60120
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12215
Published: 2010-07-02