[Winvulns-announcements] BES Auto Notification: New Fixlets Published in Fixlet Site: 'Vulnerabilities to Windows Systems'
Notification of New Vulnerabilties to Windows Systems Fixlet Messages
winvulns-announcements at bigmail.bigfix.com
Fri Jan 28 05:20:08 PST 2011
Fixlet Site - 'Vulnerabilities to Windows Systems'
Current Version: 236 Published: Thu, 27 Jan 2011 22:07:04 GMT
New Fixlets:
============
***************************************************************
Title: Win32k Keyboard Layout Vulnerability
Severity: High
Fixlet ID: 751401
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval7514.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-2743
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: The kernel-mode drivers in Microsoft Windows XP SP3 do not properly perform indexing of a function-pointer table during the loading of keyboard layouts from disk, which allows local users to gain privileges via a crafted application, as demonstrated in the wild in July 2010 by the Stuxnet worm, aka "Win32k Keyboard Layout Vulnerability." NOTE: this might be a duplicate of CVE-2010-3888 or CVE-2010-3889.
More information about the WinVulns-Announcements
mailing list