>> Microsoft Windows Kernel Privilege Escalation Vulnerabilities (MS08-061)
Title : Microsoft Windows Kernel Privilege Escalation Vulnerabilities (MS08-061) VUPEN ID : VUPEN/ADV-2008-2812 CVE ID : CVE-2008-2250 - CVE-2008-2251 - CVE-2008-2252 CWE ID : CWE-264 - CWE-415
Rated as : Moderate Risk
Remotely Exploitable : No Locally Exploitable : Yes Release Date : 2008-10-14
Technical Description
Multiple vulnerabilities have been identified in Microsoft Windows, which could be exploited by local attackers to gain elevated privileges.
The first issue is caused by an error in the Windows kernel that improperly processes input passed from a parent to a child window when a new window is created, which could allow malicious users to run arbitrary code in kernel mode.
The second vulnerability is caused by a double free error in the Windows kernel when handling certain system calls from multiple threads, which could allow malicious users to execute arbitrary code with kernel privileges.
The third issue is caused due to the Windows kernel improperly validating input passed from user mode to the Kernel, which could allow malicious users to cause a memory corruption and run arbitrary code in kernel mode.
