Executive Summary

TitleVulnerability in Windows Client/Server Runtime Subsystem Could Allow Elevation of Privilege (2121546)
NameMS10-069First vendor Publication2010-09-14
VendorMicrosoftLast vendor Modification2010-09-14
Severity (Vendor) ImportantRevision1.0

Security-Database Scoring CVSS v2

Cvss vector : (AV:L/AC:M/Au:N/C:C/I:C/A:C)
Cvss Base Score6.9Attack RangeLocal
Cvss Impact Score10Attack ComplexityMedium
Cvss Expoit Score3.4AuthenticationNone Required
Calculate full CVSS 2.0 Vectors scores


Revision Note: V1.0 (September 14, 2010): Bulletin published.Summary: This security update resolves a privately reported vulnerability in Microsoft Windows. This security update is rated Important for all supported editions of Microsoft Windows XP and Windows Server 2003. All supported editions of Windows Vista, Windows Server 2008, Windows 7, and Windows Server 2008 R2 are not affected by the vulnerability.

Original Source

Url : http://www.microsoft.com/technet/security/bulletin/MS10-069.mspx

CWE : Common Weakness Enumeration

100 %CWE-264Permissions, Privileges, and Access Controls

OVAL Definitions

Definition Id: oval:org.mitre.oval:def:7536
Oval ID: oval:org.mitre.oval:def:7536
Title: CSRSS Local Elevation of Privilege Vulnerability
Description: The Client/Server Runtime Subsystem (aka CSRSS) in the Win32 subsystem in Microsoft Windows XP SP2 and SP3 and Server 2003 SP2, when a Chinese, Japanese, or Korean locale is enabled, does not properly allocate memory for transactions, which allows local users to gain privileges via a crafted application, aka "CSRSS Local Elevation of Privilege Vulnerability."
Family: windows Class: vulnerability
Reference(s): CVE-2010-1891
Version: 3
Platform(s): Microsoft Windows XP
Microsoft Windows Server 2003
Definition Synopsis:

CPE : Common Platform Enumeration


OpenVAS Exploits

2010-09-15Name : Windows Client/Server Runtime Subsystem Privilege Elevation Vulnerability (21...
File : nvt/secpod_ms10-069.nasl

Open Source Vulnerability Database (OSVDB)

67986Microsoft Windows Client/Server Runtime Subsystem (CSRSS) Local Privilege Esc...

Nessus® Vulnerability Scanner

2010-09-14Name : Users can elevate their privileges on the remote host.
File : smb_nt_ms10-069.nasl - Type : ACT_GATHER_INFO

Alert History

If you want to see full details history, please login or register.
2014-02-17 11:46:41
  • Multiple Updates