{"$ref":"https://www.cert.ssi.gouv.fr/openapi.json","affected_systems":[{"description":"Microsoft Windows Server 2003 \u00c9dition x64 Service Pack 2 ;","product":{"name":"Windows","vendor":{"name":"Microsoft","scada":false}}},{"description":"Microsoft Windows 7 pour syst\u00e8mes x64 ;","product":{"name":"Windows","vendor":{"name":"Microsoft","scada":false}}},{"description":"Microsoft Windows 7 pour syst\u00e8mes 32 bits ;","product":{"name":"Windows","vendor":{"name":"Microsoft","scada":false}}},{"description":"Microsoft Windows Server 2008 R2 pour syst\u00e8mes x64 ;","product":{"name":"Windows","vendor":{"name":"Microsoft","scada":false}}},{"description":"Microsoft Windows Server 2008 pour syst\u00e8mes 32 bits Service Pack 2 ;","product":{"name":"Windows","vendor":{"name":"Microsoft","scada":false}}},{"description":"Microsoft Windows Server 2008 pour syst\u00e8mes Itanium Service Pack 2 ;","product":{"name":"Windows","vendor":{"name":"Microsoft","scada":false}}},{"description":"Microsoft Windows Server 2008 R2 pour syst\u00e8mes Itanium ;","product":{"name":"Windows","vendor":{"name":"Microsoft","scada":false}}},{"description":"Microsoft Windows Server 2008 pour syst\u00e8mes x64 ;","product":{"name":"Windows","vendor":{"name":"Microsoft","scada":false}}},{"description":"Microsoft Windows Vista Service Pack 1 et Service Pack 2 ;","product":{"name":"Windows","vendor":{"name":"Microsoft","scada":false}}},{"description":"Microsoft Windows Vista \u00c9dition x64 Service Pack 1 et Service Pack 2 ;","product":{"name":"Windows","vendor":{"name":"Microsoft","scada":false}}},{"description":"Microsoft Windows XP Professionnel \u00c9dition x64 Service Pack 2 ;","product":{"name":"Windows","vendor":{"name":"Microsoft","scada":false}}},{"description":"Microsoft Windows Server 2008 R2 pour syst\u00e8mes Itanium Service Pack 1.","product":{"name":"Windows","vendor":{"name":"Microsoft","scada":false}}},{"description":"Microsoft Windows 7 pour syst\u00e8mes x64 Service Pack 1;","product":{"name":"Windows","vendor":{"name":"Microsoft","scada":false}}},{"description":"Microsoft Windows Server 2008 pour syst\u00e8mes 32 bits ;","product":{"name":"Windows","vendor":{"name":"Microsoft","scada":false}}},{"description":"Microsoft Windows Server 2008 R2 pour syst\u00e8mes x64 Service Pack 1 ;","product":{"name":"Windows","vendor":{"name":"Microsoft","scada":false}}},{"description":"Microsoft Windows Server 2008 pour syst\u00e8mes x64 Service Pack 2 ;","product":{"name":"Windows","vendor":{"name":"Microsoft","scada":false}}},{"description":"Microsoft Windows Server 2008 pour syst\u00e8mes Itanium ;","product":{"name":"Windows","vendor":{"name":"Microsoft","scada":false}}},{"description":"Microsoft Windows Server 2003 Service Pack 2 ;","product":{"name":"Windows","vendor":{"name":"Microsoft","scada":false}}},{"description":"Microsoft Windows 7 pour syst\u00e8mes 32 bits Service Pack 1;","product":{"name":"Windows","vendor":{"name":"Microsoft","scada":false}}},{"description":"Microsoft Windows XP Service Pack 3 ;","product":{"name":"Windows","vendor":{"name":"Microsoft","scada":false}}}],"affected_systems_content":null,"content":"## Description\n\nCes deux vuln\u00e9rabilit\u00e9s affectent le sous-syst\u00e8me win32k des\nenvironnements Microsoft Windows. Un utilisateur malveillant authentifi\u00e9\nlocalement sur le poste peut se servir de celles-ci pour \u00e9lever son\nniveau de privil\u00e8ge. La premi\u00e8re faille de s\u00e9curit\u00e9 se situe dans la\nmani\u00e8re avec laquelle les pilotes Windows en mode noyau g\u00e8rent leurs\nobjets charg\u00e9s en mode noyau. La seconde est localis\u00e9e dans la gestion\ndes pointeurs vers des objets en mode noyau utilis\u00e9s par ces m\u00eames\npilotes.\n\nLes 30 r\u00e9f\u00e9rences CVE list\u00e9es ci-dessous ont toutes pour cause initiale\nune de ces deux vuln\u00e9rabilit\u00e9s, appliqu\u00e9es \u00e0 diff\u00e9rents objets du noyau.\n\n## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l'\u00e9diteur pour l'obtention des\ncorrectifs (cf. section Documentation).\n","cves":[{"name":"CVE-2011-1227","url":"https://www.cve.org/CVERecord?id=CVE-2011-1227"},{"name":"CVE-2011-0676","url":"https://www.cve.org/CVERecord?id=CVE-2011-0676"},{"name":"CVE-2011-1234","url":"https://www.cve.org/CVERecord?id=CVE-2011-1234"},{"name":"CVE-2011-1236","url":"https://www.cve.org/CVERecord?id=CVE-2011-1236"},{"name":"CVE-2011-0673","url":"https://www.cve.org/CVERecord?id=CVE-2011-0673"},{"name":"CVE-2011-0672","url":"https://www.cve.org/CVERecord?id=CVE-2011-0672"},{"name":"CVE-2011-1228","url":"https://www.cve.org/CVERecord?id=CVE-2011-1228"},{"name":"CVE-2011-1235","url":"https://www.cve.org/CVERecord?id=CVE-2011-1235"},{"name":"CVE-2011-1230","url":"https://www.cve.org/CVERecord?id=CVE-2011-1230"},{"name":"CVE-2011-1232","url":"https://www.cve.org/CVERecord?id=CVE-2011-1232"},{"name":"CVE-2011-0662","url":"https://www.cve.org/CVERecord?id=CVE-2011-0662"},{"name":"CVE-2011-1240","url":"https://www.cve.org/CVERecord?id=CVE-2011-1240"},{"name":"CVE-2011-0666","url":"https://www.cve.org/CVERecord?id=CVE-2011-0666"},{"name":"CVE-2011-0675","url":"https://www.cve.org/CVERecord?id=CVE-2011-0675"},{"name":"CVE-2011-0677","url":"https://www.cve.org/CVERecord?id=CVE-2011-0677"},{"name":"CVE-2011-0674","url":"https://www.cve.org/CVERecord?id=CVE-2011-0674"},{"name":"CVE-2011-1239","url":"https://www.cve.org/CVERecord?id=CVE-2011-1239"},{"name":"CVE-2011-1242","url":"https://www.cve.org/CVERecord?id=CVE-2011-1242"},{"name":"CVE-2011-1238","url":"https://www.cve.org/CVERecord?id=CVE-2011-1238"},{"name":"CVE-2011-1233","url":"https://www.cve.org/CVERecord?id=CVE-2011-1233"},{"name":"CVE-2011-1226","url":"https://www.cve.org/CVERecord?id=CVE-2011-1226"},{"name":"CVE-2011-1225","url":"https://www.cve.org/CVERecord?id=CVE-2011-1225"},{"name":"CVE-2011-0667","url":"https://www.cve.org/CVERecord?id=CVE-2011-0667"},{"name":"CVE-2011-1229","url":"https://www.cve.org/CVERecord?id=CVE-2011-1229"},{"name":"CVE-2011-1241","url":"https://www.cve.org/CVERecord?id=CVE-2011-1241"},{"name":"CVE-2011-1237","url":"https://www.cve.org/CVERecord?id=CVE-2011-1237"},{"name":"CVE-2011-0670","url":"https://www.cve.org/CVERecord?id=CVE-2011-0670"},{"name":"CVE-2011-0671","url":"https://www.cve.org/CVERecord?id=CVE-2011-0671"},{"name":"CVE-2011-1231","url":"https://www.cve.org/CVERecord?id=CVE-2011-1231"},{"name":"CVE-2011-0665","url":"https://www.cve.org/CVERecord?id=CVE-2011-0665"}],"links":[],"reference":"CERTA-2011-AVI-217","revisions":[{"description":"version initiale.","revision_date":"2011-04-13T00:00:00.000000"}],"risks":[{"description":"\u00c9l\u00e9vation de privil\u00e8ges"}],"summary":"Deux vuln\u00e9rabilit\u00e9s affectant le sous-syst\u00e8me <span\nclass=\"textit\">win32k</span> des syst\u00e8mes Microsoft Windows ont \u00e9t\u00e9\nd\u00e9couvertes. Celles-ci permettent \u00e0 un utilisateur local authentifi\u00e9\nd'\u00e9lever ses privil\u00e8ges.\n","title":"Multiples vuln\u00e9rabilit\u00e9s dans des pilotes en mode noyau du syst\u00e8me Microsoft Windows","vendor_advisories":[{"published_at":null,"title":"Bulletin de s\u00e9curit\u00e9 Microsoft MS11-034","url":"http://www.microsoft.com/technet/security/Bulletin/MS11-034.mspx"}]}