|CVSS SCORE||6.8, (AV:L/AC:L/Au:S/C:C/I:C/A:C)|
This vulnerability allows local attackers to execute arbitrary code from the context of kernelspace on vulnerable installations of Microsoft Windows. The ability to make a system call is required in order to exploit this vulnerability.
The specific flaw exists within the kernel's support for Trace Events. Due to a bad type conversion, the kernel will use a truncated length for allocating data from userspace. When populating this buffer the kernel will use a differing length causing a buffer overflow. This will cause memory corruption and can lead to code execution under the context of the kernel.
Microsoft has issued an update to correct this vulnerability. More details can be found at: