vendor:
Windows 7
by:
Project Zero
7,8
CVSS
HIGH
Windows Kernel Crash
119
CWE
Product Name: Windows 7
Affected Version From: Windows 7
Affected Version To: Windows 10
Patch Exists: YES
Related CWE: N/A
CPE: o:microsoft:windows_7::-:professional
Metasploit:
N/A
Other Scripts:
N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References:
N/A
Nuclei Metadata: N/A
Platforms Tested: Windows
2017
Windows Kernel Crash
A vulnerability in the win32k.sys driver of Windows was discovered while processing corrupted TTF font files. The vulnerability causes a PAGE_FAULT_IN_NONPAGED_AREA (50) error, which occurs when an invalid system memory address is referenced. The invalid memory addresses accessed by the win32k!bGeneratePath function are seemingly "wild", e.g. 0x8273xxxx, 0x8274xxxx, 0x8275xxxx, etc.
Mitigation:
Microsoft has released a patch to address this vulnerability.
