New Windows vulnerability bypasses UAC

Posted on Thursday, November 25 2010 @ 17:37 CET by Thomas De Maesschalck
Neowin reports that a newly discovered 0-day security vulnerability in Windows XP, Vista and 7 allows user privilege elevation, enabling even limited accounts to execute arbitrary code.
Marco Giuliani of Prevx has stated that no malware is currently exploiting this flaw, but also warned that it would be "very soon" before malware authors begin exploiting the vulnerability.

The API in which the vulnerability is located does not correctly validate input, resulting in a stack overflow. This means that an attacker could control the overwritten return address and, in essence, execute their code with kernel-mode privileges. Because the exploit elevates user privileges, it bypasses UAC and leaves Vista and 7 vulnerable. This is especially significant because UAC was originally implemented to prevent unauthorized privilege elevation.

