Executive Summary

Summary
Title Vulnerability in Windows Client/Server Runtime Subsystem Could Allow Elevation of Privilege (2121546)
Informations
Name MS10-069 First vendor Publication 2010-09-14
Vendor Microsoft Last vendor Modification 2010-09-14
Severity (Vendor) Important Revision 1.0

Security-Database Scoring CVSS v2

Cvss vector : (AV:L/AC:M/Au:N/C:C/I:C/A:C)
Cvss Base Score 6.9 Attack Range Local
Cvss Impact Score 10 Attack Complexity Medium
Cvss Expoit Score 3.4 Authentication None Required
Calculate full CVSS 2.0 Vectors scores

Detail

Revision Note: V1.0 (September 14, 2010): Bulletin published.Summary: This security update resolves a privately reported vulnerability in Microsoft Windows. This security update is rated Important for all supported editions of Microsoft Windows XP and Windows Server 2003. All supported editions of Windows Vista, Windows Server 2008, Windows 7, and Windows Server 2008 R2 are not affected by the vulnerability.

Original Source

Url : http://www.microsoft.com/technet/security/bulletin/MS10-069.mspx

CWE : Common Weakness Enumeration

idName
CWE-264Permissions, Privileges, and Access Controls

OVAL Definitions

Definition Id: oval:org.mitre.oval:def:7536
 
Oval ID: oval:org.mitre.oval:def:7536
Title: CSRSS Local Elevation of Privilege Vulnerability
Description: The Client/Server Runtime Subsystem (aka CSRSS) in the Win32 subsystem in Microsoft Windows XP SP2 and SP3 and Server 2003 SP2, when a Chinese, Japanese, or Korean locale is enabled, does not properly allocate memory for transactions, which allows local users to gain privileges via a crafted application, aka "CSRSS Local Elevation of Privilege Vulnerability."
Family: windows Class: vulnerability
Reference(s): CVE-2010-1891
Version: 3
Platform(s): Microsoft Windows XP
Microsoft Windows Server 2003
Product(s):
Definition Synopsis:

CPE : Common Platform Enumeration

TypeDescriptionCount
Os3
Os2

OpenVAS Exploits

DateDescription
2010-09-15Name : Windows Client/Server Runtime Subsystem Privilege Elevation Vulnerability (21...
File : nvt/secpod_ms10-069.nasl

Open Source Vulnerability Database (OSVDB)

idDescription
67986Microsoft Windows Client/Server Runtime Subsystem (CSRSS) Local Privilege Esc...

Nessus® Vulnerability Scanner

DateDescription
2010-09-14Name : Users can elevate their privileges on the remote host.
File : smb_nt_ms10-069.nasl - Type : ACT_GATHER_INFO

Alert History

If you want to see full details history, please login or register.
0
DateInformations
2014-02-17 11:46:41
  • Multiple Updates