Monday, August 09, 2010

Microsoft vulnerability and bitmaps; more on application fingerprinting

Vupen Security has reported a vulnerability in most Microsoft systems, caused by a “buffer overflow error in the "CreateDIBPalette()" function within the kernel-mode device driver "Win32k.sys" when using the "biClrUsed" member value of a "BITMAPINFOHEADER" structure as a counter while retrieving Bitmap data from the clipboard”, as reported at this link.

An example of bitmap data may include many Wikipedia jpg images recently.

Hel-Net Security carried the story with the title “new Windows 0-day flaw allows malware installation”, here.

Patrick Thomas, at Black Hat USA, discusses the “Blind Elephant: open source web application fingerprinting engine” in a link on that file, following on a report here Aug. 1.

No comments: