Jump to content


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.

Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.


Windows 0-day exploit

  • Please log in to reply
No replies to this topic

#1 Romeo29


    Learning To Bleep

  • Members
  • 3,194 posts
  • Gender:Not Telling
  • Location:
  • Local time:01:48 PM

Posted 25 November 2010 - 01:41 AM

A vulnerability has been identified in Microsoft Windows, which could raise the privileges of a process running under standard user privileges to the kernel level (highest privileges). The exploit works due a flaw in the way NtGdiEnableEudc API function handles the input parameters. This exploit has been tested to work in fully patched Windows 7 and Vista SP2. Some analysts are saying that it should also work on all other Windows versions including Windows XP.

The working proof-of-concept source code in C++ was uploaded to the popular programming site CodeProject some days ago. The source code and related web page has been removed since then. But this made the source code public and now it is in easy reach of any malware programmer or hacker.

This exploit can raise the privileges of a process running with standard user permissions to kernel level permissions. The NT kernel has access to everything in Windows. This exploit bypasses the User Account Control (UAC) present in Vista and 7. Thus a malicious program can easily take over the system.

The proof-of-concept code in the following picture raises the privileges of cmd.exe (command prompt) from standard user to the nt authority (kernel level).

Posted Image

A workaround
A workaround has been proposed by Sophos Security blog. This involves changing permissions of the HKCU\EUDC key.


Edited by Romeo29, 25 November 2010 - 09:56 AM.

BC AdBot (Login to Remove)


0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users