Nortel Enterprise Response to Microsoft Security Bulletin MS09-065
Friday, 13 November 2009 23:58
On Tuesday, November 10, Microsoft released MS09-065 - Vulnerabilities in Windows Kernel-Mode Drivers Could Allow Remote Code Execution (969947). This security update resolves several privately reported vulnerabilities in the Windows kernel. The most severe of the vulnerabilities could allow remote code execution if a user viewed content rendered in a specially crafted Embedded OpenType (EOT) font.

In a Web-based attack scenario, an attacker would have to host a Web site that contains specially crafted embedded fonts that are used to attempt to exploit this vulnerability. In addition, compromised Web sites and Web sites that accept or host user-provided content could contain specially crafted content that could exploit this vulnerability. An attacker would have no way to force users to visit a specially crafted Web site. Instead, an attacker would have to convince the user to visit the Web site, typically by getting them to click a link in an e-mail message or Instant Messenger message that takes the user to the attacker's site.

Microsoft ratings for MS09-065:
Maximum Severity Rating - Critical
Impact of Vulnerability - Remote Code Execution
Exploitability Index - 1 - Consistent exploit code likely.

Bulletins replaced by this update: MS09-025

MS09-065 addresses the following CVEs:

1) Win32k NULL Pointer Dereferencing Vulnerability - CVE-2009-1127 (http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1127)
An elevation of privilege vulnerability exists because the Windows kernel does not properly validate an argument passed to a Windows kernel system call. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.

2) Win32k Insufficient Data Validation Vulnerability - CVE-2009-2513 (http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2513)
An elevation of privilege vulnerability
Source : http://support.nortel.com/go/main.jsp?cscat=BLTNDETAIL&DocumentOID=977951&poid=  
 