|CVSS SCORE||2.1, (AV:L/AC:L/Au:N/C:P/I:N/A:N)|
The specific flaw exists within the handling of NtUserfnINOUTNCCALCSIZE function. The issue lies in the failure to sanitize a buffer before calling a userland function resulting in the leak of an address on the kernel trap frame. An attacker can leverage this in concert with another vulnerability to achieve code execution at SYSTEM.
Microsoft has issued an update to correct this vulnerability. More details can be found at:
|CREDIT||WanderingGlitch of HP's Zero Day Initiative