PROBLEM:
A vulnerability was reported in the Windows Kernel. A local user can cause denial of service conditions.
PLATFORM:
Windows Win32k.sys
ABSTRACT:
Windows Win32k.sys Keyboard Layout Bug Lets Local Users Deny
REFERENCE LINKS:
SecurityTracker Alert ID: 1026347
Secunia ID: SA46919
IMPACT ASSESSMENT:
Low
Discussion:
A vulnerability has been discovered in Microsoft Windows, which can be exploited by malicious local users to cause a DoS (Denial of Service).
The vulnerability is caused by an indexing error in the win32k.sys driver when loading a keyboard layout file. This can be exploited to access an invalid memory location, resulting in a system crash.
The vulnerability is confirmed on a fully patched Windows XP SP3 (win32k.sys version 5.1.2600.6149). Other versions may also be affected.
Impact:
DoS (Denial of Service)
This includes vulnerabilities ranging from excessive resource consumption (e.g. causing a system to use a lot of memory) to crashing an application or an entire system.
Solution:
Restrict access to trusted users only.