Lucene search

K

[email protected]NVD:CVE-2010-1896

HistoryAug 11, 2010 - 6:47 p.m.

CVE-2010-1896

2010-08-1118:47:50

CWE-20

[email protected]

web.nvd.nist.gov

8

CVSS2

7.2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

AI Score

6.2

Confidence

Low

EPSS

0.001

Percentile

17.2%

The Windows kernel-mode drivers in win32k.sys in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, and Windows Server 2008 Gold and SP2 do not properly validate user-mode input passed to kernel mode, which allows local users to gain privileges via a crafted application, aka “Win32k User Input Validation Vulnerability.”

Affected configurations

Nvd

Node

microsoftwindows_2003_serversp2

OR

microsoftwindows_2003_serversp2itanium

OR

microsoftwindows_server_2003sp2

OR

microsoftwindows_server_2008itanium

OR

microsoftwindows_server_2008x32

OR

microsoftwindows_server_2008x64

OR

microsoftwindows_server_2008sp2x32

OR

microsoftwindows_server_2008sp2x64

OR

microsoftwindows_server_2008Match-sp2itanium

OR

microsoftwindows_vistasp1

OR

microsoftwindows_vistasp2

OR

microsoftwindows_vistaMatch-sp1

OR

microsoftwindows_xpsp3

OR

microsoftwindows_xpMatch-sp2x64

References

www.us-cert.gov/cas/techalerts/TA10-222A.html

docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-048

oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12006

CVSS2

7.2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

AI Score

6.2

Confidence

Low

EPSS

0.001

Percentile

17.2%

Related for NVD:CVE-2010-1896

symantec1 cve1 prion1 cvelist1 seebug1 openvas2 nessus1 securityvulns2