Vulnerability identifier: #VU3003

Vulnerability risk: Low

CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2012-1848

CWE-ID: CWE-20

Exploitation vector: Local

Exploit availability: No

Vulnerable software:
Windows Server
Operating systems & Components / Operating system
Windows
Operating systems & Components / Operating system

Vendor: Microsoft

Description

The vulnerability allows a local user to obtain elevated privileges on the target system.

The vulnerability exists due to error related to scrollbar calculations by the kernel-mode driver (win32k.sys). A local attacker can execute arbitrary code on the target system with SYSTEM privileges.

Successful exploitation of this vulnerability will allow the local attacker to obtain elevated privileges on vulnerable system.

Mitigation
Install update from vendor's website:

Windows XP Service Pack 3:
https://www.microsoft.com/downloads/details.aspx?familyid=b2ea7a8d-a537-441c-8e80-2ba4ac37e320
Windows XP Professional x64 Edition Service Pack 2:
https://www.microsoft.com/downloads/details.aspx?familyid=6ebaccbc-512b-4f2f-bf2a-8958f012e13f
Windows Server 2003 Service Pack 2:
https://www.microsoft.com/downloads/details.aspx?familyid=bc7bfb79-8eaf-4c22-b1c9-e774c55eb06d
Windows Server 2003 x64 Edition Service Pack 2:
https://www.microsoft.com/downloads/details.aspx?familyid=bf7c9aea-dc18-499f-b456-2c29e9a74a15
Windows Server 2003 with SP2 for Itanium-based Systems:
https://www.microsoft.com/downloads/details.aspx?familyid=6414b607-6fb1-4527-b218-c3cb5adfd4d1
Windows Vista Service Pack 2:
https://www.microsoft.com/downloads/details.aspx?familyid=e11d8738-379a-4dfe-b21c-495041d9523a
Windows Vista x64 Edition Service Pack 2:
https://www.microsoft.com/downloads/details.aspx?familyid=838f588b-2a0d-4dae-b54d-782e6985fd83
Windows Server 2008 for 32-bit Systems Service Pack 2:
https://www.microsoft.com/downloads/details.aspx?familyid=360adbed-a451-44ed-8675-ca5624ef1cf3
Windows Server 2008 for x64-based Systems Service Pack 2:
https://www.microsoft.com/downloads/details.aspx?familyid=d5a6d617-8ef6-42fa-a325-c15fa7ece7aa
Windows Server 2008 for Itanium-based Systems Service Pack 2:
https://www.microsoft.com/downloads/details.aspx?familyid=c65df271-8b7d-46d3-81b3-87c0ad05e8d0
Windows 7 for 32-bit Systems:
https://www.microsoft.com/downloads/details.aspx?familyid=f4d52649-4afc-4c01-b275-93818152f6b7
Windows 7 for 32-bit Systems Service Pack 1:
https://www.microsoft.com/downloads/details.aspx?familyid=f4d52649-4afc-4c01-b275-93818152f6b7
Windows 7 for x64-based Systems:
https://www.microsoft.com/downloads/details.aspx?familyid=7aa0b61b-b42c-4d60-8a7f-c61cbd25d6d9
Windows 7 for x64-based Systems Service Pack 1:
https://www.microsoft.com/downloads/details.aspx?familyid=7aa0b61b-b42c-4d60-8a7f-c61cbd25d6d9
Windows Server 2008 R2 for x64-based Systems:
https://www.microsoft.com/downloads/details.aspx?familyid=6f815b10-c60d-4e9b-8283-494036985e93
Windows Server 2008 R2 for x64-based Systems Service Pack 1:
https://www.microsoft.com/downloads/details.aspx?familyid=6f815b10-c60d-4e9b-8283-494036985e93
Windows Server 2008 R2 for Itanium-based Systems:
https://www.microsoft.com/downloads/details.aspx?familyid=b9172218-8a3f-4b0f-a14d-64db3778f4cc
Windows Server 2008 R2 for Itanium-based Systems Service Pack 1:
https://www.microsoft.com/downloads/details.aspx?familyid=b9172218-8a3f-4b0f-a14d-64db3778f4cc
Windows Server 2008 for 32-bit Systems Service Pack 2:
https://www.microsoft.com/downloads/details.aspx?familyid=47a0df29-f42e-463b-9c15-a93385ff8705
Windows Server 2008 for x64-based Systems Service Pack 2:
https://www.microsoft.com/downloads/details.aspx?familyid=4e6d29e1-17fc-4670-9e69-988c040f06e2
Windows Server 2008 R2 for x64-based Systems:
https://www.microsoft.com/downloads/details.aspx?familyid=34824de4-0f26-4627-8ddb-23d6b9d6671a
Windows Server 2008 R2 for x64-based Systems Service Pack 1:
https://www.microsoft.com/downloads/details.aspx?familyid=34824de4-0f26-4627-8ddb-23d6b9d6671a

Vulnerable software versions

Windows Server: 2003 - 2008

Windows: XP, 7, Vista

---

External links
http://technet.microsoft.com/en-us/library/security/ms12-034

---

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.