Another Zero Day vulnerability has surfaced resulting in Windows 7 Users seeing blue screens of death, and code execution attacks. This all sounds rather scary, however Microsoft is already working on a patch, even though this problem still occurs after last weeks emergency security patch. Experts also say we won’t see a fix in tomorrow’s regularly scheduled patch. The Zero Day issue is easy to be exploited by local attackers, which could allow them entry into secure data so be wary. Below is the official cause of the problem from VUPEN a french computer security outfit.
This issue is caused by a buffer overflow error in the “CreateDIBPalette()” function within the kernel-mode device driver “Win32k.sys” when using the “biClrUsed” member value of a “BITMAPINFOHEADER” structure as a counter while retrieving Bitmap data from the clipboard, which could be exploited by malicious users to crash an affected system or potentially execute arbitrary code with kernel privileges.
