Executive Summary
| Summary | |
|---|---|
| Title | Vulnerabilities in Windows Kernel Could Allow Elevation of Privilege (981852) |
| Informations | |||
|---|---|---|---|
| Name | MS10-047 | First vendor Publication | 2010-08-10 |
| Vendor | Microsoft | Last vendor Modification | 2010-08-10 |
| Severity (Vendor) | Important | Revision | 1.0 |
Security-Database Scoring CVSS v3
| Cvss vector : N/A | |||
|---|---|---|---|
| Overall CVSS Score | NA | ||
| Base Score | NA | Environmental Score | NA |
| impact SubScore | NA | Temporal Score | NA |
| Exploitabality Sub Score | NA | ||
| Calculate full CVSS 3.0 Vectors scores | |||
Security-Database Scoring CVSS v2
| Cvss vector : (AV:L/AC:L/Au:N/C:C/I:C/A:C) | |||
|---|---|---|---|
| Cvss Base Score | 7.2 | Attack Range | Local |
| Cvss Impact Score | 10 | Attack Complexity | Low |
| Cvss Expoit Score | 3.9 | Authentication | None Required |
| Calculate full CVSS 2.0 Vectors scores | |||
Detail
| Revision Note: V1.0 (August 10, 2010): Bulletin published.Summary: This security update resolves several privately reported vulnerabilities in Microsoft Windows. The most severe of these vulnerabilities could allow elevation of privilege if an attacker logged on locally and ran a specially crafted application. An attacker must have valid logon credentials and be able to log on locally to exploit these vulnerabilities. The vulnerabilities could not be exploited remotely or by anonymous users. |
Original Source
| Url : http://www.microsoft.com/technet/security/bulletin/MS10-047.mspx |
CWE : Common Weakness Enumeration
| % | Id | Name |
|---|---|---|
| 33 % | CWE-399 | Resource Management Errors |
| 33 % | CWE-362 | Race Condition |
| 33 % | CWE-20 | Improper Input Validation |
OVAL Definitions
| Definition Id: oval:org.mitre.oval:def:11044 | |||
| Oval ID: | oval:org.mitre.oval:def:11044 | ||
| Title: | Windows Kernel Double Free Vulnerability | ||
| Description: | Double free vulnerability in the kernel in Microsoft Windows Vista SP1 and SP2, and Windows Server 2008 Gold and SP2, allows local users to gain privileges via a crafted application, related to object initialization during error handling, aka "Windows Kernel Double Free Vulnerability." | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2010-1889 | Version: | 3 |
| Platform(s): | Microsoft Windows Vista Microsoft Windows Server 2008 | Product(s): | |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:11789 | |||
| Oval ID: | oval:org.mitre.oval:def:11789 | ||
| Title: | Windows Kernel Improper Validation Vulnerability | ||
| Description: | The kernel in Microsoft Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 does not properly validate ACLs on kernel objects, which allows local users to cause a denial of service (reboot) via a crafted application, aka "Windows Kernel Improper Validation Vulnerability." | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2010-1890 | Version: | 5 |
| Platform(s): | Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 | Product(s): | |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:11825 | |||
| Oval ID: | oval:org.mitre.oval:def:11825 | ||
| Title: | Windows Kernel Data Initialization Vulnerability | ||
| Description: | Race condition in the kernel in Microsoft Windows XP SP3 allows local users to gain privileges via vectors involving thread creation, aka "Windows Kernel Data Initialization Vulnerability." | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2010-1888 | Version: | 3 |
| Platform(s): | Microsoft Windows XP | Product(s): | |
| Definition Synopsis: | |||
CPE : Common Platform Enumeration
ExploitDB Exploits
| id | Description |
|---|---|
| 2010-08-17 | Microsoft Windows nt!SeObjectCreateSaclAccessBits() Missed ACE Bounds Checks ... |
| 2010-08-17 | Microsoft Windows KTM Invalid Free with Reused Transaction GUID (MS10-047) |
| 2010-08-17 | Microsoft Windows nt!NtCreateThread Race Condition with Invalid Code Segment ... |
OpenVAS Exploits
| Date | Description |
|---|---|
| 2010-08-11 | Name : Microsoft Windows Kernel Privilege Elevation Vulnerabilities (981852) File : nvt/secpod_ms10-047.nasl |
Open Source Vulnerability Database (OSVDB)
| Id | Description |
|---|---|
| 66990 | Microsoft Windows Kernel Object ACL Validation SeObjectCreateSaclAccessBits()... Microsoft Windows contains a flaw that may allow a local authenticated denial of service. The issue is triggered when the kernel fails to properly validate access control lists in the 'SeObjectCreateSaclAccessBits()' function on kernel objects, and will result in loss of availability for the platform. |
| 66989 | Microsoft Windows Kernel Object Initialization Error Handling Local Privilege... Microsoft Windows contains a double-free error that may allow an attacker to gain access to unauthorized privileges. The issue is triggered when the Kernel Transaction Manager fails to properly handle the 'UOW' parameter when passing it to the 'NtCreateTransaction()' function, allowing a local authenticated attacker to gain full user rights. |
| 66988 | Microsoft Windows Kernel Thread Creation Handling NtCreateThread() Local Priv... Microsoft Windows contains a race condition that may allow an attacker to gain access to unauthorized privileges. The issue is triggered when the 'NtCreateThread()' function fails to properly handle thread creation attempts, allowing a local authenticated attacker to gain full user privileges. |
Nessus® Vulnerability Scanner
| Date | Description |
|---|---|
| 2010-08-11 | Name : The Windows kernel is affected by several vulnerabilities that could allow es... File : smb_nt_ms10-047.nasl - Type : ACT_GATHER_INFO |
Alert History
| Date | Informations |
|---|---|
| 2014-02-17 11:46:36 |
|
| 2013-05-11 00:49:40 |
|
