The Microsoft Windows Multi-User Win32 Driver (win32k.sys) contains a vulnerability in the "CreateDIBPalette" function, triggered when DIB palette color values are created. A local attacker could exploit it by overflowing the "biClrUsed" field in "BITMAPINFOHEADER" using "GetClipboardData", and so execute arbitrary code with elevated kernel-level privileges.
Windows XP SP3
Server 2003 SP2
Vista SP1, 7
Server 2008 SP2
BeyondTrust Prevention and Detection:
- BeyondTrust's Retina® Network Security Scanner scans devices to detect this vulnerability.
- Retina Audit 13843 - Microsoft Windows Kernel-Mode Drivers Privilege Escalation (2436673)
Install the appropriate MS10-098 patch.
- Microsoft Security Response Center Blog
- Insanely Low Level Blog
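
For developers who parse DIBs themselves, the description above comes down to a color count read from "biClrUsed" in a caller-supplied "BITMAPINFOHEADER". The following is an added example, not Microsoft's code or the MS10-098 fix: a bounds check to run before building a palette from that field. The function name `dib_palette_entries`, the `dib_header` type and the 256-entry cap for high-color formats are assumptions made for this sketch.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Documented BITMAPINFOHEADER layout (40 bytes), redeclared with fixed-width
 * types so the example builds without <windows.h>. */
typedef struct {
    uint32_t biSize;
    int32_t  biWidth, biHeight;
    uint16_t biPlanes, biBitCount;
    uint32_t biCompression, biSizeImage;
    int32_t  biXPelsPerMeter, biYPelsPerMeter;
    uint32_t biClrUsed, biClrImportant;
} dib_header;

/* Hypothetical helper: returns 0 and stores the validated number of
 * color-table entries in *count, or -1 if the DIB must be rejected. */
int dib_palette_entries(const void *buf, size_t len, uint32_t *count)
{
    dib_header h;
    uint32_t max, used;

    if (buf == NULL || count == NULL || len < sizeof h)
        return -1;
    memcpy(&h, buf, sizeof h);      /* snapshot once; never re-read caller data */
    if (h.biSize < sizeof h || h.biSize > len)
        return -1;
    switch (h.biBitCount) {
    case 1: case 4: case 8:
        max  = 1u << h.biBitCount;               /* 2, 16 or 256 colors */
        used = h.biClrUsed ? h.biClrUsed : max;  /* 0 means the full table */
        break;
    case 16: case 24: case 32:
        max  = 256;                 /* assumption: cap optional tables at 256 */
        used = h.biClrUsed;
        break;
    default:
        return -1;
    }
    if (used > max)
        return -1;                  /* count exceeds what the format allows */
    if ((len - h.biSize) / 4u < used)
        return -1;                  /* 4-byte RGBQUADs would pass the buffer end */
    *count = used;
    return 0;
}
```

Only the returned count should be used to size or fill the palette; the raw "biClrUsed" value in the original buffer should not be read again after validation.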