Executive Summary
| Summary | |
|---|---|
| Title | Vulnerability in Windows Client/Server Runtime Subsystem Could Allow Elevation of Privilege (2121546) |
| Informations | |||
|---|---|---|---|
| Name | MS10-069 | First vendor Publication | 2010-09-14 |
| Vendor | Microsoft | Last vendor Modification | 2010-09-14 |
| Severity (Vendor) | Important | Revision | 1.0 |
Security-Database Scoring CVSS v3
| Cvss vector : N/A | |||
|---|---|---|---|
| Overall CVSS Score | NA | ||
| Base Score | NA | Environmental Score | NA |
| impact SubScore | NA | Temporal Score | NA |
| Exploitabality Sub Score | NA | ||
| Calculate full CVSS 3.0 Vectors scores | |||
Security-Database Scoring CVSS v2
| Cvss vector : (AV:L/AC:M/Au:N/C:C/I:C/A:C) | |||
|---|---|---|---|
| Cvss Base Score | 6.9 | Attack Range | Local |
| Cvss Impact Score | 10 | Attack Complexity | Medium |
| Cvss Expoit Score | 3.4 | Authentication | None Required |
| Calculate full CVSS 2.0 Vectors scores | |||
Detail
| Revision Note: V1.0 (September 14, 2010): Bulletin published.Summary: This security update resolves a privately reported vulnerability in Microsoft Windows. This security update is rated Important for all supported editions of Microsoft Windows XP and Windows Server 2003. All supported editions of Windows Vista, Windows Server 2008, Windows 7, and Windows Server 2008 R2 are not affected by the vulnerability. |
Original Source
| Url : http://www.microsoft.com/technet/security/bulletin/MS10-069.mspx |
CWE : Common Weakness Enumeration
| % | Id | Name |
|---|---|---|
| 100 % | CWE-264 | Permissions, Privileges, and Access Controls |
OVAL Definitions
| Definition Id: oval:org.mitre.oval:def:7536 | |||
| Oval ID: | oval:org.mitre.oval:def:7536 | ||
| Title: | CSRSS Local Elevation of Privilege Vulnerability | ||
| Description: | The Client/Server Runtime Subsystem (aka CSRSS) in the Win32 subsystem in Microsoft Windows XP SP2 and SP3 and Server 2003 SP2, when a Chinese, Japanese, or Korean locale is enabled, does not properly allocate memory for transactions, which allows local users to gain privileges via a crafted application, aka "CSRSS Local Elevation of Privilege Vulnerability." | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2010-1891 | Version: | 3 |
| Platform(s): | Microsoft Windows XP Microsoft Windows Server 2003 | Product(s): | |
| Definition Synopsis: | |||
| |||
CPE : Common Platform Enumeration
| Type | Description | Count |
|---|---|---|
| Os | 1 | |
| Os | 2 |
OpenVAS Exploits
| Date | Description |
|---|---|
| 2010-09-15 | Name : Windows Client/Server Runtime Subsystem Privilege Elevation Vulnerability (21... File : nvt/secpod_ms10-069.nasl |
Open Source Vulnerability Database (OSVDB)
| Id | Description |
|---|---|
| 67986 | Microsoft Windows Client/Server Runtime Subsystem (CSRSS) Local Privilege Esc... Microsoft Windows contains a flaw that may allow an attacker to gain access to unauthorized privileges. The issue is caused due to a memory allocation error in the Client/Server Runtime Subsystem (CSRSS) when handling certain user transactions. This can be exploited to corrupt memory and execute arbitrary code with escalated privileges. |
Nessus® Vulnerability Scanner
| Date | Description |
|---|---|
| 2010-09-14 | Name : Users can elevate their privileges on the remote host. File : smb_nt_ms10-069.nasl - Type : ACT_GATHER_INFO |
Alert History
| Date | Informations |
|---|---|
| 2014-02-17 11:46:41 |
|
