• News
• Infocus
• Foundations
• Microsoft
• Unix
• IDS
• Incidents
• Virus
• Pen-Test
• Firewalls
• Columnists
• Mailing Lists
• Newsletters
• Bugtraq
• Focus on IDS
• Focus on Linux
• Focus on Microsoft
• Forensics
• Pen-test
• Security Basics
• Vuln Dev
• Vulnerabilities
• Jobs
• Job Opportunities
• Resumes
• Job Seekers
• Employers
• Tools
• RSS
• News
• Vulns
• Security Research

• info
• discussion
• exploit
• solution
• references

Microsoft Windows NT Win32k.sys Denial of Service Vulnerability

Some Win32K functions incorrectly validate input parameters prior to NT Service Pack 2.

This problem could allow an attacker to write an application that passes malformed parameters to a Win32K function which may result in a critical system failure.

Exploitation would require that the attacker can cause the application to be executed on a vulnerable system. Reportedly, this could also be exploited through an ActiveX control residing on a maliciously constructed website.